Request to check a log
As above:
Logfile of HijackThis v1.99.0
Scan saved at 20:54:59, on 05–02–03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 SP1 (5.00.2614.3500)
Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMSPOOL32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:WINDOWSSYSTEMMSTASK.EXE
C:PROGRAM FILESEXECUTIVE SOFTWAREDISKEEPERDKSERVICE.EXE
C:PROGRAM FILESSYGATESPFSMC.EXE
C:PROGRAM FILESESETNOD32KRN.EXE
C:WINDOWSSYSTEMmmtask.tsk
C:WINDOWSSYSTEMRPCSS.EXE
C:WINDOWSRUNDLL32.EXE
C:WINDOWSSYSTEMINTERNAT.EXE
C:WINDOWSTASKMON.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
D:PROGRAM FILESWINAMPWINAMPA.EXE
C:PROGRAM FILESCREATIVESHAREDLLCTNOTIFY.EXE
C:WINDOWSSYSTEMDDHELP.EXE
C:PROGRAM FILESCREATIVEAUDIOPROGRAMCTMIX32.EXE
C:PROGRAM FILESCREATIVESHAREDLLMEDIADET.EXE
C:PROGRAM FILESESETNOD32KUI.EXE
D:PROGRAM FILESGADU–GADUGG.EXE
C:WINDOWSSYSTEMSR64NOOKLHMD.EXE
C:WINDOWSSYSTEMWMIEXE.EXE
C:WINDOWSEXPLORER.EXE
C:WINDOWSRUNDLL32.EXE
C:PROGRAM FILESMYIE2MYIE.EXE
C:WINDOWSPULPITNARZęDZIAHIJACKTHIS.EXE
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
F1 – win.ini: load=C:MEDIA95vi_grm.exe
F1 – win.ini: run=hpfsched
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRAM FILESFLASHGETFGIEBAR.DLL
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSYSTEMMSDXM.OCX
O4 – HKLM..Run: [internat.exe] internat.exe
O4 – HKLM..Run: [ScanRegistry] C:WINDOWSscanregw.exe /autorun
O4 – HKLM..Run: [TaskMonitor] C:WINDOWS askmon.exe
O4 – HKLM..Run: [SystemTray] SysTray.ExE
O4 – HKLM..Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM..Run: [Necutray] NECUTRAY.EXE
O4 – HKLM..Run: [WinampAgent] D:Program FilesWinampwinampa.exe
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [Zasobnik systemowy] SysTray.Exe
O4 – HKLM..Run: [Disc Detector] C:Program FilesCreativeShareDLLCtNotify.exe
O4 – HKLM..Run: [CreativeMixer] C:Program FilesCreativeAudioPROGRAMCTMIX32.EXE /t
O4 – HKLM..Run: [0+ź]m*aigY] C:XNPPILBY.EXE
O4 – HKLM..Run: [044}ś5]C:Program FilesISTsvcistsvc.exe] C:XNPPILBY.EXE
O4 – HKLM..Run: [0+ź]m*aiC:Program FilesISTsvcistsvc.exe] C:XNPPILBY.EXE
O4 – HKLM..Run: [SmcService] C:PROGRA~1SYGATESPFSMC.EXE –startgui
O4 – HKLM..Run: [nod32kui] "C:Program FilesEset od32kui.exe" /WAITSERVICE
O4 – HKLM..RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM..RunServices: [SchedulingAgent] mstask.exe
O4 – HKLM..RunServices: [DkService] C:Program FilesExecutive SoftwareDiskeeperDkService.exe
O4 – HKLM..RunServices: [SmcService] C:PROGRAM FILESSYGATESPFSMC.EXE
O4 – HKLM..RunServices: [NOD32kernel] "C:Program FilesEset od32krn.exe"
O4 – HKCU..Run: [Gadu–Gadu] "D:PROGRAM FILESGADU–GADUGG.EXE" /tray
O4 – HKCU..RunServices: [Gadu–Gadu] "D:PROGRAM FILESGADU–GADUGG.EXE" /tray
O4 – Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O8 – Extra context menu item: Download using FlashGet – C:PROGRAM FILESFLASHGETjc_link.htm
O8 – Extra context menu item: Download All by FlashGet – C:PROGRAM FILESFLASHGETjc_all.htm
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – C:Program FilesIrfanViewEbayEbay.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRAM FILESFLASHGETFLASHGET.EXE
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRAM FILESFLASHGETFLASHGET.EXE
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:WINDOWSSYSTEMMSJAVA.DLL
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:WINDOWSSYSTEMMSJAVA.DLL
O15 – Trusted IP range: 67.19.185.246
O15 – Trusted IP range: 67.19.185.246 (HKLM)
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {80DD2229–B8E4–4C77–B72F–F22972D723EA} (AvxScanOnline Control) – http://www.bitdefender.com/scan/Msie/bitdefender.cab
Replies: 2
Thank you, ELNINO :D
Get rid of this, both from the log and from the disk:
C:WINDOWSSYSTEMSR64NOOKLHMD.EXE
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
O4 – HKLM..Run: [0+ź]m*aigY] C:XNPPILBY.EXE
O4 – HKLM..Run: [?0
44}ś5]C:Program FilesISTsvcistsvc.exe] C:XNPPILBY.EXE
O4 – HKLM..Run: [?0+ź]m*aiC:Program FilesISTsvcistsvc.exe] C:XNPPILBY.EXE
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – C:Program FilesIrfanViewEbayEbay.htm
O15 – Trusted IP range: 67.19.185.246
O15 – Trusted IP range: 67.19.185.246 (HKLM)