HijackThis – analysis

Could someone take a look and check whether everything is OK with this log? Thanks in advance :)

Here is the log:

Logfile of HijackThis v1.97.7
Scan saved at 13:31:54, on 2004–09–18
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32CTHELPER.EXE
C:PROGRA~1A4TechMouseAmoumain.exe
C:WINDOWSSystem32spooldriversw32x863hpztsb05.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesLogitechiTouchiTouch.exe
C:Program FilesWinampwinampa.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesNorton SystemWorksNorton GhostGhostStartTrayApp.exe
C:Program FilesNorton SystemWorksPassword ManagerAcctMgr.exe
C:Program FilesD–Toolsdaemon.exe
C:Program FilesWebrootAccelerateaccelerate.exe
C:WINDOWSSystem32RUNDLL32.EXE
C:Program FilesJavaj2re1.4.2_05injusched.exe
C:Program FilesCyboorAdCyboorAd.exe
C:PROGRA~1DAPDAP.EXE
C:Program FilesMessengermsmsgs.exe
C:Program FilesLogitechDesktop Messenger8876480ProgramBackWeb–8876480.exe
C:Program FilesMSIPC Alert 4PCAlert4.exe
C:Program FilesCommon FilesSymantec SharedccProxy.exe
F:Iwona 2IwonaSystem syntezy mowy ozmowy.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:WINDOWSSystem32CTsvcCDA.exe
C:PROGRA~1NORTON~2NORTON~3GHOSTS~2.EXE
C:Program FilesNorton Internet Security ProfessionalNorton AntiVirus avapsvc.exe
C:WINDOWSSystem32 vsvc32.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
F:Iwona 2IwonaSystem syntezy mowysynteza_DDE_klient.exe
C:PROGRA~1NORTON~2NORTON~1SPEEDD~1NOPDB.EXE
C:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe
C:WINDOWSSystem32MsPMSPSv.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesNorton Internet Security ProfessionalNorton AntiVirusSAVScan.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
G:InternetHijackthisHijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:PROGRA~1SPYBOT~1SDHelper.dll
O2 – BHO: Web assistant – {9ECB9560–04F9–4bbc–943D–298DDF1699E1} – C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:Program FilesNorton Internet Security ProfessionalNorton AntiVirusNavShExt.dll
O3 – Toolbar: Web assistant – {0B53EAC3–8D69–4b9e–9B19–A37C9A5676A7} – C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton Internet Security ProfessionalNorton AntiVirusNavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32MSDXM.OCX
O3 – Toolbar: (no name) – {62999427–33FC–4baf–9C9C–BCE6BD127F08} – (no file)
O4 – HKLM..Run: [WINDVDPatch] CTHELPER.EXE
O4 – HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 – HKLM..Run: [Jet Detection] "C:Program FilesCreativeSBLivePROGRAMADGJDet.exe"
O4 – HKLM..Run: [CTStartup] C:Program FilesCreativeSplash ScreenCTEaxSpl.EXE /run
O4 – HKLM..Run: [WheelMouse] C:PROGRA~1A4TechMouseAmoumain.exe
O4 – HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb05.exe
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [URLLSTCK.exe] C:Program FilesNorton Internet Security ProfessionalUrlLstCk.exe
O4 – HKLM..Run: [Advanced Tools Check] C:PROGRA~1NORTON~1NORTON~1AdvToolsADVCHK.EXE
O4 – HKLM..Run: [zBrowser Launcher] C:Program FilesLogitechiTouchiTouch.exe
O4 – HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 – HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" –atboottime
O4 – HKLM..Run: [GhostStartTrayApp] C:Program FilesNorton SystemWorksNorton GhostGhostStartTrayApp.exe
O4 – HKLM..Run: [AcctMgr] C:Program FilesNorton SystemWorksPassword ManagerAcctMgr.exe /startup
O4 – HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [DAEMON Tools–1033] "C:Program FilesD–Toolsdaemon.exe" –lang 1033
O4 – HKLM..Run: [Accelerate] C:Program FilesWebrootAccelerateaccelerate.exe /S
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [SSC_UserPrompt] C:Program FilesCommon FilesSymantec SharedSecurity CenterUsrPrmpt.exe
O4 – HKLM..Run: [eDonkey2000] "G:eDonkey2000edonkey2000.exe" –t
O4 – HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_05injusched.exe
O4 – HKLM..Run: [CyboorAd] c:Program FilesCyboorAdCyboorAd.exe
O4 – HKLM..Run: [DownloadAccelerator] C:PROGRA~1DAPDAP.EXE /STARTUP
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [LDM] C:Program FilesLogitechDesktop Messenger8876480ProgramBackWeb–8876480.exe
O4 – HKCU..Run: [Symantec NetDriver Monitor] C:PROGRA~1SymantecLIVEUP~1SNDMon.EXE
O4 – HKCU..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NVMCTRAY.DLL,NvTaskbarInit
O4 – Startup: Rozmowa.lnk = F:Iwona 2IwonaSystem syntezy mowy ozmowy.exe
O4 – Global Startup: Logitech Desktop Messenger.lnk = C:Program FilesLogitechDesktop Messenger8876480ProgramLDMConf.exe
O4 – Global Startup: PC Alert 4.lnk = C:Program FilesMSIPC Alert 4PCAlert4.exe
O8 – Extra context menu item: &Download with &DAP – C:PROGRA~1DAPdapextie.htm
O8 – Extra context menu item: Download &all with DAP – C:PROGRA~1DAPdapextie2.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 – Extra button: Badanie (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 – Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {3E68E405–C6DE–49FF–83AE–41EE9F4C36CE} (Office Update Installation Engine) – http://office.microsoft.com/officeupdate/content/opuc.cab
O16 – DPF: {525A15D0–4938–11D4–94C7–0050DA20189B} (SnoopyCtrl Class) – http://www.easports.com/downloads/games/common/snoopy/iesnoopy.cab
O16 – DPF: {9F1C11AA–197B–4942–BA54–47A8489BB47F} – http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38088.0570833333
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab

Replies: 4

How do you know it's Spybot, if you can't see it?
EL NINO
Added
23.09.2004 23:03:50
Please, could someone check my HijackThis scan:
Running processes:
D:WINDOWSSystem32smss.exe
D:WINDOWSsystem32winlogon.exe
D:WINDOWSsystem32services.exe
D:WINDOWSsystem32lsass.exe
D:WINDOWSsystem32svchost.exe
D:WINDOWSSystem32svchost.exe
D:WINDOWSExplorer.EXE
D:Program FilesInternet ExplorerIEXPLORE.EXE
D:ProgramyhijackthisHijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – D:ProgramyNorton AntiVirusNavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – D:ProgramyNorton AntiVirusNavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – D:WINDOWSSystem32msdxm.ocx
O4 – HKLM..Run: [ccApp] D:Program FilesCommon FilesSymantec SharedccApp.exe
O4 – HKLM..Run: [Advanced Tools Check] D:ProgramyNORTON~1AdvToolsADVCHK.EXE
O4 – HKLM..Run: [SCANINICIO] "D:ProgramyPanda SoftwarePanda Antivirus PlatinumInicio.exe"
O4 – HKLM..Run: [APVXDWIN] "D:ProgramyPanda SoftwarePanda Antivirus PlatinumAPVXDWIN.EXE" /s
O4 – HKLM..Run: [NeroCheck] D:WINDOWSSystem32NeroCheck.exe
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE D:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKCU..Run: [Skype] "D:ProgramySkypePhoneSkype.exe" /nosplash /minimized
O4 – HKCU..Run: [Gadu–Gadu] "D:Program FilesGadu–Gadugg.exe" /tray
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:WINDOWSweb elated.htm
O12 – Plugin for .pdf: D:Program FilesInternet ExplorerPLUGINS ppdf32.dll
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLMSystemCCSServicesTcpip..{64C5D194–1457–4899–A188–F4054B94FBDB}: NameServer = 192.168.33.254,194.204.159.1

Many thanks in advance!!!!!!!!
juhg
Added
23.09.2004 22:27:58
jusched.exe is Sun's Java process, and you can disable its startup in msconfig. It will then not check for updates.
CTHELPER.EXE is a Creative plugin
UpdReg.EXE is simply a Creative registration "reminder"
etc.
The only file you should get rid of is CyboorAd.exe, which:
Program Name CyboorAd.exe A program running on your computer, which either attempted to send an IP packet over the Internet or is waiting for an incoming packet.
(...)
Connect Type Access This value can be either Access, which is an Internet connection attempt by CyboorAd.exe or Server, which indicates that CyboorAd.exe is waiting for connections coming in from the Internet.
Remote Port 53 The port CyboorAd.exe is using on the remote computer.
Remote IP Address 207.69.188.187 The IP address of the remote computer that caused the alert.
...as the firewall says.
EL NINO
Added
18.09.2004 16:34:29

C:Program FilesJavaj2re1.4.2_05injusched.exe
C:Program FilesCyboorAdCyboorAd.exe
C:Program FilesMessengermsmsgs.exe
O3 – Toolbar: (no name) – {62999427–33FC–4baf–9C9C–BCE6BD127F08} – (no file)
O4 – HKLM..Run: [WINDVDPatch] CTHELPER.EXE
O4 – HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 – HKLM..Run: [Jet Detection] "C:Program FilesCreativeSBLivePROGRAMADGJDet.exe"
O4 – HKLM..Run: [CTStartup] C:Program FilesCreativeSplash ScreenCTEaxSpl.EXE /run
O4 – HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_05injusched.exe
O4 – HKLM..Run: [CyboorAd] c:Program FilesCyboorAdCyboorAd.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 – Extra button: Badanie (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)

As for Cydoor, DAP may stop working. Remove the Messenger entries only if you don't use it.
wins
Added
18.09.2004 15:57:50
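The triage the two replies above do by eye (sort entries by section code, spot the orphaned `(no file)` toolbar, pick out a distrusted autostart) can be scripted; this is an added example, not part of the thread and not HijackThis code. The function names and the `watchlist` parameter are hypothetical, and the sample lines are copied from the first log as they appear on this page.

```python
import re

# Lines copied from the first log in this thread, as the page shows them
# (the page's rendering lost the backslashes and turned "-" into an en-dash).
SAMPLE_LOG = """\
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32MSDXM.OCX
O3 – Toolbar: (no name) – {62999427–33FC–4baf–9C9C–BCE6BD127F08} – (no file)
O4 – HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 – HKLM..Run: [CyboorAd] c:Program FilesCyboorAdCyboorAd.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
"""

# Section code (R0, O4, O16, ...), separator, then the entry body.
ENTRY = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.*)$")
# O4 registry autostart: hive, key ending in Run*, [value name], command line.
RUN = re.compile(r"^(HK\w+)\S*Run\w*:\s+\[([^\]]+)\]\s+(.*)$")

def parse(log):
    """Yield (section, body) for each HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip().replace("\u2013", "-"))
        if m:
            yield m.group(1), m.group(2)

def triage(log, watchlist=("cyboorad",)):
    """Return (section, reason, body) findings for a reviewer to look at.
    watchlist is an assumption: lowercase names the reviewer already
    distrusts (here, the one file the thread says to get rid of)."""
    findings = []
    for section, body in parse(log):
        if body.endswith("(no file)"):
            findings.append((section, "orphaned entry, target file missing", body))
        m = RUN.match(body) if section == "O4" else None
        if m and any(w in (m.group(2) + m.group(3)).lower() for w in watchlist):
            findings.append((section, "autostart on watchlist: " + m.group(2), body))
    return findings
```

Entries the script does not flag are not thereby cleared; it only narrows what a reviewer reads first.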
Fenix123
Added:
18.09.2004 15:33:17