Request for a log check
I scanned the system with HijackThis. I would very much appreciate advice on what can be removed. I went to the site
http://www.hijackthis.de/en
but I can't really figure out what is wrong. Thanks in advance. Here is the log:
Logfile of HijackThis v1.98.2
Scan saved at 19:53:06, on 2005-12-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\Ident Server\Identd.exe
J:\Program Files\Ahead\InCD\InCDsrv.exe
J:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
J:\Program Files\Eset\nod32krn.exe
J:\Program Files\Ahead\InCD\InCD.exe
J:\WINDOWS\System32\nvsvc32.exe
J:\WINDOWS\system32\CTHELPER.EXE
J:\Program Files\Eset\nod32kui.exe
J:\WINDOWS\System32\svchost.exe
J:\WINEYES\WESERV.EXE
J:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
J:\Program Files\Winamp\winampa.exe
J:\WINEYES\wineyes.exe
J:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
J:\WINDOWS\system32\ctfmon.exe
J:\WINDOWS\system32\RUNDLL32.EXE
J:\Program Files\AutoConnect\AutoConnect.exe
J:\Program Files\Pamela\pamela.exe
J:\Program Files\Skype\Phone\Skype.exe
J:\Program Files\NetPanel\NetPanel.exe
J:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe
J:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
J:\WINEYES\SPEECH32.EXE
J:\WINEYES\GWM32.EXE
J:\WINEYES\bdisplay.exe
C:\totalcmd\TOTALCMD.EXE
J:\Program Files\FlashGet\flashget.exe
J:\WINDOWS\System32\dllhost.exe
C:\Program Files\MIRANDA IM\miranda32.exe
J:\WINDOWS\system32\notepad.exe
H:\eMule\eMule.exe
C:\Downloads\HijackThis.exe
J:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\The Bat!\thebat.exe
J:\Program Files\MyGate\mygate.exe
J:\Program Files\Winamp\Winamp.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: DIY! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - J:\WINDOWS\system32\diybar2\diybar2.dll
O2 - BHO: LinkFilter Class - {4022F902-ABC7-4C79-924F-BB26F1D355A2} - J:\WINDOWS\system32\diybar2\diybar2.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - J:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - J:\Program Files\NetPanel\IEHelper.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - J:\PROGRA~1\TEXTAL~2\TAForIE.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - J:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: DIY! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - J:\WINDOWS\system32\diybar2\diybar2.dll
O4 - HKLM\..\Run: [CTStartup] J:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [UpdReg] J:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Update] wumgrd.exe
O4 - HKLM\..\Run: [InCD] J:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] J:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "J:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] "J:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] J:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NetPanel] "J:\Program Files\NetPanel\Starter.exe" /path="J:\Program Files\NetPanel"
O4 - HKLM\..\Run: [CloneCDTray] "J:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\RunServices: [Microsoft Update] wumgrd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update] wumgrd.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE J:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AutoConnect] J:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [Pamela.exe] "J:\Program Files\Pamela\pamela.exe"
O4 - HKCU\..\Run: [Skype] "J:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: DSLMON.lnk = J:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = J:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = J:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download with GetRight - J:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - J:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - J:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - J:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C} - (no file)
O9 - Extra 'Tools' menuitem: Link Filter - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - J:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - J:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {28E0FA88-ABA8-4937-A247-3031F1A11165} (Installer Class) - http://pi.51.net/download/diybar2.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://netpanel.gemius.pl/netpanel2/WebInstaller.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125830429531
O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} - http://megapanel.gem.pl/temp/netp/0841/4094/3290/2200/11_0841409432902200.ocx
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2157BD36-4CC7-4B02-9EEF-B6A23DACCAF9}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{2157BD36-4CC7-4B02-9EEF-B6A23DACCAF9}: NameServer = 194.204.152.34 217.98.63.164
O20 - AppInit_DLLs: GWMHOOK.DLL
Replies: 1
The "advice" is here -> http://forum.centrumxp.pl/viewtopic.php?t=37513