Please check my HijackThis log

IP: *.net.pulawy.pl 18.10.06, 18:59
Logfile of HijackThis v1.99.1
Scan saved at 18:54:09, on 2006-10-18
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\System32\inetsrv\inetinfo.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\wingate.exe
D:\WINDOWS\Explorer.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Corel\Graphics8\programs\MFIndexer.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\DOCUMENTS AND SETTINGS\ANIA\PULPIT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.interia.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
www.interia.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\config\svchost.exe
F2 - REG:system.ini: UserInit=D:\WINDOWS\System32\userinit.exe,userinit.exe
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program
Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft (R) Windows Configuration Backup Service]
D:\WINDOWS\config\svchost.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft hosst machine] taskhosst.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [Microsoft hosst machine] taskhosst.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Komunikator] D:\Program Files\Tlen.pl\tlen.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK =
D:\Corel\Graphics8\programs\MFIndexer.exe
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://d:\program
files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program
files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program
files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program
files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP -
D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://d:\program
files\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
D:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program
Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O17 -
HKLM\System\CCS\Services\Tcpip\..\{35FD8AAE-E553-45F3-9BB7-A786182D6F1F}:
NameServer = 212.182.66.21,194.204.159.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DATA - Unknown owner - D:\WINDOWS\data.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner -
D:\WINDOWS\svchost.exe (file missing)
O23 - Service: TASKESV (TESV) - Unknown owner - D:\WINDOWS\taskcntr.exe (file
missing)
O23 - Service: WinGate - Unknown owner - D:\WINDOWS\wingate.exe



    • Guest: Kolobos Re: Please check my HijackThis log IP: *.icm.edu.pl 18.10.06, 21:05
      You have a pirated Windows without updates, so close the ports using wwdc, also run a scan with ewido, and don't use IE any more.

      In HJT, remove:
      F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\config\svchost.exe
      F2 - REG:system.ini: UserInit=D:\WINDOWS\System32\userinit.exe,userinit.exe
      O4 - HKLM\..\Run: [Microsoft (R) Windows Configuration Backup Service]
      D:\WINDOWS\config\svchost.exe <- delete the file from disk.
      O4 - HKLM\..\Run: [Microsoft hosst machine] taskhosst.exe <- delete the file from disk.
      O4 - HKLM\..\RunServices: [Microsoft hosst machine] taskhosst.exe

      Services to delete; the description of how to remove services is in the pinned post:
      O23 - Service: DATA - Unknown owner - D:\WINDOWS\data.exe (file missing)
      O23 - Service: Power Manager (PowerManager) - Unknown owner -
      D:\WINDOWS\svchost.exe (file missing)
      O23 - Service: TASKESV (TESV) - Unknown owner - D:\WINDOWS\taskcntr.exe (file
      missing)
      O23 - Service: WinGate - Unknown owner - D:\WINDOWS\wingate.exe <- delete the file from disk after deleting the service.
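
The kinds of entries singled out in the reply above, as an added Python example that is not part of the thread and is not the poster's own method: it rejoins the log lines the forum wrapped and applies five review heuristics. The heuristics and the names `entries`, `triage` and `flagged` are assumptions of this example; a hit marks an entry for manual review.

```python
import re

# Constructed sample: entries copied from the first log in this thread,
# keeping the hard line wraps introduced by the forum.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\config\svchost.exe
F2 - REG:system.ini: UserInit=D:\WINDOWS\System32\userinit.exe,userinit.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Configuration Backup Service]
D:\WINDOWS\config\svchost.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft hosst machine] taskhosst.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Power Manager (PowerManager) - Unknown owner -
D:\WINDOWS\svchost.exe (file missing)
O23 - Service: WinGate - Unknown owner - D:\WINDOWS\wingate.exe
"""

ENTRY = re.compile(r"^[A-Z]\d+ -")  # start of a HijackThis entry, e.g. "O4 -"

def entries(log):
    """Rejoin wrapped lines so that each item is one complete HijackThis entry."""
    out = []
    for line in filter(None, map(str.strip, log.splitlines())):
        if ENTRY.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line  # continuation of the previous entry
    return out

def triage(entry):
    """Heuristic reasons (assumptions of this example) to review an entry by hand."""
    low, why = entry.lower(), []
    parent = re.search(r"\\([^\\]+)\\svchost\.exe", low)
    if parent and parent.group(1) != "system32":
        why.append("svchost.exe outside System32")
    if "shell=" in low and low.split("shell=", 1)[1].strip() != "explorer.exe":
        why.append("extra program appended to Shell")
    if "userinit=" in low and len([p for p in low.split("userinit=", 1)[1].split(",") if p.strip()]) > 1:
        why.append("more than one UserInit program")
    if low.startswith("o4") and "\\" not in entry.split("]", 1)[-1]:
        why.append("autorun command without a path")
    if low.startswith("o23") and re.search(r"unknown owner - [a-z]:\\windows\\[^\\]+\.exe", low):
        why.append("unknown-owner service run from the Windows directory root")
    return why

def flagged(log):
    """Map each entry that triggered at least one heuristic to its reasons."""
    return {e: r for e in entries(log) if (r := triage(e))}
```
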
      • Guest: magda Re: Please check my HijackThis log IP: *.net.pulawy.pl 18.10.06, 23:12
        Thank you very much :)

        However, I don't know how to close the ports using wwdc (I used the help in
        the pinned topic, but I didn't find UPnP in "Change or Remove Programs" - I have
        that yellow triangle next to it, whatever it means)

        here is the current log:

        Logfile of HijackThis v1.99.1
        Scan saved at 22:52:23, on 2006-10-18
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        D:\WINDOWS\System32\smss.exe
        D:\WINDOWS\system32\winlogon.exe
        D:\WINDOWS\system32\services.exe
        D:\WINDOWS\system32\lsass.exe
        D:\WINDOWS\system32\svchost.exe
        D:\WINDOWS\System32\svchost.exe
        D:\WINDOWS\system32\spoolsv.exe
        D:\WINDOWS\Explorer.EXE
        D:\Program Files\Common Files\Real\Update_OB\realsched.exe
        D:\Program Files\Winamp\winampa.exe
        D:\Program Files\Messenger\msmsgs.exe
        D:\Corel\Graphics8\programs\MFIndexer.exe
        D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        D:\Program Files\Alwil Software\Avast4\ashServ.exe
        D:\WINDOWS\System32\inetsrv\inetinfo.exe
        D:\WINDOWS\System32\nvsvc32.exe
        D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        D:\WINDOWS\System32\wuauclt.exe
        D:\Documents and Settings\Ania\Pulpit\hijackthis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.interia.pl/
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.interia.pl/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program
        Files\DAP\DAPIEBar.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        D:\WINDOWS\System32\msdxm.ocx
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program
        files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common
        Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
        O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Komunikator] D:\Program Files\Tlen.pl\tlen.exe
        O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft
        Office\Office\OSA9.EXE
        O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK =
        D:\Corel\Graphics8\programs\MFIndexer.exe
        O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
        O8 - Extra context menu item: &Google Search - res://d:\program
        files\google\GoogleToolbar1.dll/cmsearch.html
        O8 - Extra context menu item: &Translate English Word - res://d:\program
        files\google\GoogleToolbar1.dll/cmwordtrans.html
        O8 - Extra context menu item: Backward Links - res://d:\program
        files\google\GoogleToolbar1.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program
        files\google\GoogleToolbar1.dll/cmcache.html
        O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
        O8 - Extra context menu item: Similar Pages - res://d:\program
        files\google\GoogleToolbar1.dll/cmsimilar.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        D:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console -
        {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program
        Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
        O17 - HKLM\System\CCS\Services\Tcpip\..\{35FD8AAE-E553-45F3-9BB7-A786182D6F1F}:
        NameServer = 212.182.66.21,194.204.159.1
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
        D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil
        Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil
        Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil
        Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
        D:\WINDOWS\System32\nvsvc32.exe

        • Guest: Kolobos Re: Please check my HijackThis log IP: *.icm.edu.pl 18.10.06, 23:47
          In Add/Remove Programs, look under system components. But if it stays as it is, nothing bad will happen either.
