Please check my log

IP: *.bsk.vectranet.pl 20.11.06, 10:56
I use Konekt instead of gg and I can't send messages. Yesterday I got a link from a friend (www.sunstateemployment.com/ PolskieDrogi_200621560 html - DO NOT OPEN!!) and later I found out it's a virus. But the log looks fine to me. Am I wrong?

Logfile of HijackThis v1.99.1
Scan saved at 10:53:33, on 2006-11-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\jeffo\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=w3cache.bsk.vectranet.pl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    • Guest: Kolobos Re: Please check my log IP: *.escom.net.pl 20.11.06, 11:26
      The answer to why gg doesn't work is in the pinned thread.
      To be sure, scan the system with ewido; also install the AntiVir PE antivirus and scan the system with it as well.
      Also paste a log from SilentRunners.

      In HJT remove:
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
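The advice above comes down to two checks a reviewer makes on these logs: a HijackThis entry whose target is "(file missing)" is an orphaned registry reference that can be removed, and a SilentRunners line tagged "<<!>>" or "[file not found]" deserves a second look. The following Python script is an added example written for this thread; it is not part of HijackThis, SilentRunners, or anything the posters ran. The sample lines are copied from the logs posted in this thread, the registry-key and path parsing is my own reading of the two formats, and the two extra flags (an O23 service with "Unknown owner", an O4 Run entry that names a bare file instead of a full path) are heuristics of mine that go beyond what the thread itself says to remove.

```python
"""Triage helpers for HijackThis and SilentRunners output (example code
written for this thread, not a tool from the forum or from either program)."""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional, Tuple

# Constructed sample: a subset of the HijackThis lines posted in the thread.
HJT_SAMPLE = [
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll",
    r"O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)",
    r"O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"',
    r"O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe",
    r"O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe",
]

# Constructed sample: two blocks from the SilentRunners log posted in the
# thread (plain strings, so every backslash is doubled).
SR_SAMPLE = [
    "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellExecuteHooks\\",
    '<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"',
    '-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"',
    '\\InProcServer32\\(Default) = "C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\shellexecutehook.dll" ["Anti-Malware Development a.s."]',
    "",
    "HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser\\",
    '"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"',
    '-> {HKLM...CLSID} = "Yahoo! Toolbar"',
    '\\InProcServer32\\(Default) = "C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll" [file not found]',
]

HJT_LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Entry:
    code: str            # HijackThis section code, e.g. O3
    body: str            # everything after "O3 - "
    path: Optional[str]  # launched file, when the section carries one
    flags: List[str] = field(default_factory=list)


def parse_hjt_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line and attach triage flags (heuristics are mine)."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    path = None
    if code in ("O2", "O3", "O9", "O23"):
        # These sections end with " - <path>", optionally tagged "(file missing)".
        path = body.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()
    elif code == "O4" and "] " in body:
        # Run-key entries read "[Name] command line": take the quoted part when the
        # command line is quoted, otherwise the first token.
        cmd = body.split("] ", 1)[1]
        path = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    entry = Entry(code, body, path)
    if "(file missing)" in body:
        entry.flags.append("file missing: orphaned registry reference, remove it")
    if code == "O23" and "Unknown owner" in body:
        entry.flags.append("service with no publisher: verify the binary before trusting it")
    if code == "O4" and path and "\\" not in path:
        entry.flags.append("bare filename, resolved via PATH: confirm which copy actually runs")
    return entry


def triage_hjt(lines: Iterable[str]) -> List[Entry]:
    """Parse every recognised HijackThis line, in order."""
    return [e for e in (parse_hjt_line(l) for l in lines) if e is not None]


def flagged_hjt(lines: Iterable[str]) -> List[Entry]:
    """Only the entries a reviewer should look at."""
    return [e for e in triage_hjt(lines) if e.flags]


def review_silentrunners(lines: Iterable[str]) -> List[Tuple[str, Optional[str], str]]:
    """Return (kind, registry key, line) for SilentRunners lines marked <<!>>
    (its own 'suspicious launch point' marker) and for InProcServer32 DLLs it
    reports as [file not found] (an orphaned CLSID registration)."""
    hits, key = [], None
    for raw in lines:
        s = raw.strip()
        if not s:
            key = None                                  # blank line ends the block
        elif key is None and s.rstrip(" {+}").endswith("\\"):
            key = s                                     # first line of a block is its key
        elif s.startswith("<<!>>"):
            hits.append(("launch-point", key, s))
        elif s.endswith("[file not found]"):
            hits.append(("orphaned-dll", key, s))
    return hits


if __name__ == "__main__":
    for e in flagged_hjt(HJT_SAMPLE):
        print(e.code, e.path, "|", "; ".join(e.flags))
    for kind, key, line in review_silentrunners(SR_SAMPLE):
        print(kind, key, "|", line)
```

Run against the samples, the only HijackThis entry the script marks for removal is the Yahoo! Toolbar line the reply above points at; the other two flags are review prompts, not removal advice, which matches how the thread treats the ATI and Creative entries.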
      • Guest: scr Re: Please check my log IP: *.bsk.vectranet.pl 20.11.06, 17:41
        I use Konekt instead of gg, and Opera.
        Yesterday I opened a certain link I got from a friend. The page was "empty". I wrote to my mate that the link crashed, and he said that after clicking the same link, gg sent that same link to everyone on his list. None of the programs you listed found anything on the disk :/
        Log from SilentRunners:

        "Silent Runners.vbs", revision 49, www.silentrunners.org/
        Operating System: Windows XP SP2
        Output limited to non-default values, except where indicated by "{++}"


        Startup items buried in registry:
        ---------------------------------

        HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
        "AtiPTA" = "atiptaxx.exe" ["ATI Technologies, Inc."]
        "WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]
        "UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
        "Jet Detection" = ""C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"" [empty string]
        "CTStartup" = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run" ["Creative Technology Ltd."]
        "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]
        "!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]
        "avgnt" = ""C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]

        HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
        {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
        -> {HKLM...CLSID} = "SSVHelper Class"
        \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

        HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
        "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
        -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
        \InProcServer32\(Default) = "deskpan.dll" [file not found]
        "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
        -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
        \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
        "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
        -> {HKLM...CLSID} = "WinRAR"
        \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
        "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
        -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
        \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]

        HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
        <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
        -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
        \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

        HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
        <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

        HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
        AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
        -> {HKLM...CLSID} = "CContextScan Object"
        \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
        Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
        -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
        \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
        WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
        -> {HKLM...CLSID} = "WinRAR"
        \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

        HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
        AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
        -> {HKLM...CLSID} = "CContextScan Object"
        \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
        WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
        -> {HKLM...CLSID} = "WinRAR"
        \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

        HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
        Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
        -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
        \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
        WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
        -> {HKLM...CLSID} = "WinRAR"
        \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


        Group Policies {GPedit.msc branch and setting}:
        -----------------------------------------------

        Note: detected settings may not have any effect.

        HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

        "DisableRegistryTools" = (REG_DWORD) hex:0x00000000
        {User Configuration|Administrative Templates|System|
        Prevent access to registry editing tools}

        HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

        "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
        {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
        Shutdown: Allow system to be shut down without having to log on}

        "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
        {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
        Devices: Allow undock without having to log on}


        Active Desktop and Wallpaper:
        -----------------------------

        Active Desktop may be disabled at this entry:
        HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

        Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
        HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
        "Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

        Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
        HKCU\Control Panel\Desktop\
        "Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"


        Enabled Screen Saver:
        ---------------------

        HKCU\Control Panel\Desktop\
        "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


        Startup items in "jeffo" & "All Users" startup folders:
        -------------------------------------------------------

        C:\Documents and Settings\jeffo\Menu Start\Programy\Autostart
        "Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]


        Winsock2 Service Provider DLLs:
        -------------------------------

        Namespace Service Providers

        HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
        000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
        000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
        000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

        Transport Service Providers

        HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
        0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
        %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
        %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


        Toolbars, Explorer Bars, Extensions:
        ------------------------------------

        Toolbars

        HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
        "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
        -> {HKLM...CLSID} = "Yahoo! Toolbar"
        • Guest: Kolobos Re: Please check my log IP: *.escom.net.pl 20.11.06, 18:55
          > I use Konekt instead of gg, and Opera.

          Did the link open in Opera? If so, there's nothing to worry about.

          You were supposed to remove this in HJT, so do it:
          HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
          "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
          -> {HKLM...CLSID} = "Yahoo! Toolbar"
          \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found]
          • Guest: scr Re: Please check my log IP: *.bsk.vectranet.pl 21.11.06, 12:37
            Everything works OK now. Thanks for the help.
      • Guest: scr Re: Please check my log IP: *.bsk.vectranet.pl 20.11.06, 17:43
        [cont.]

        Toolbars, Explorer Bars, Extensions:
        ------------------------------------

        Toolbars

        HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
        "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
        -> {HKLM...CLSID} = "Yahoo! Toolbar"
        \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found]

        Extensions (Tools menu items, main toolbar menu buttons)

        HKLM\Software\Microsoft\Internet Explorer\Extensions\
        {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
        "MenuText" = "Sun Java Console"
        "CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
        -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"
        \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
        -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"
        \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]


        Running Services (Display Name, Service Name, Path {Service DLL}):
        ------------------------------------------------------------------

        AntiVir PersonalEdition Classic Guard, AntiVirService, "C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe" ["AVIRA GmbH"]
        AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, "C:\Program Files\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]
        Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
        AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]


        ----------
        <<!>>: Suspicious data at a malware launch point.

        + This report excludes default entries except where indicated.
        + To see *everywhere* the script checks and *everything* it finds,
        launch it from a command prompt or a shortcut with the -all parameter.
        + The search for DESKTOP.INI DLL launch points on all local fixed drives
        took 37 seconds.
        --------
        • Guest: scr Re: Please check my log IP: *.bsk.vectranet.pl 20.11.06, 18:07
          Is everything OK?