please check my hj log

IP: 83.14.13.* 23.10.06, 17:09
Logfile of HijackThis v1.99.1
Scan saved at 17:04:13, on 2006-10-23
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\PLANET WL-8310\WLANPRO.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\Krzysiek\Moje dokumenty\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\strCodec\isaddon.dll (file missing)
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\System32\SearchTool\nsg1BF1.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\System32\SmartShopper\SmartShopper0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: PLANET WL-8310 Configuration Utility.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148980669022
O17 - HKLM\System\CCS\Services\Tcpip\..\{35F00CA4-99FE-409F-A3C9-45A67818D554}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS2\Services\Tcpip\..\{35F00CA4-99FE-409F-A3C9-45A67818D554}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS3\Services\Tcpip\..\{35F00CA4-99FE-409F-A3C9-45A67818D554}: NameServer = 194.204.159.1,194.204.152.34
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    • Guest: Kolobos Re: please check my hj log IP: *.escom.net.pl 23.10.06, 17:19
      wwdc + ewido, and on top of that switch your browser to Opera or Firefox.

      In HJT remove:
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.bearshare.com/pl/
      O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\strCodec\isaddon.dll (file missing)
      O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL <- delete the MyGlo.. directory from disk.
      O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\System32\SearchTool\nsg1BF1.dll <- delete the SearchTo.. directory from disk.
      O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\System32\SmartShopper\SmartShopper0.dll <- delete the SmartSh... directory from disk.
      O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL

      Also use: siri.urz.free.fr/Fix/SmitfraudFix_En.php and do what is written under "Clean"; paste the removal log on the forum.

      • Guest: ii Re: please check my hj log IP: 83.14.13.* 23.10.06, 18:00
        SmitFraudFix v2.113

        Scan done at 17:48:56,40, 2006-10-23
        Run from C:\Documents and Settings\Krzysiek\Pulpit\Nowy folder
        OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
        Fix run in safe mode

        »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll

        »»»»»»»»»»»»»»»»»»»»»»»» Killing process


        »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

        GenericRenosFix by S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

        C:\DOCUME~1\ALLUSE~1\MENUST~1\Online Security Guide.url Deleted
        C:\DOCUME~1\ALLUSE~1\MENUST~1\Security Troubleshooting.url Deleted

        »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


        »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

        Registry Cleaning done.

        »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll


        »»»»»»»»»»»»»»»»»»»»»»»» End
