CentrumXP Forum Tematyka portalu CentrumXP.pl Bezpieczeństwo Proszę o pomoc i sprawdzenie loga

Proszę o pomoc i sprawdzenie loga

Proszę o pomoc i sprawdzenie loga:
Logfile of HijackThis v1.99.1
Scan saved at 21:45:38, on 2005–02–22
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccProxy.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesNorton Internet SecurityISSVC.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesNorton Internet SecurityNorton AntiVirus avapsvc.exe
C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:Program FilesJavaj2re1.4.2_03injusched.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesWinampwinampa.exe
C:Program FilesHewlett–PackardHP Software UpdateHPWuSchd.exe
C:Program FilesHPhpcoretechhpcmpmgr.exe
C:WINDOWSSystem32spooldriversw32x863hpztsb09.exe
C:Program FilesHewlett–PackardDigital Imaginginhpotdd01.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesMicrosoft OfficeOfficeOSA.EXE
C:Program Files802.11 Wireless LAN802.11g Wireless Cardbus & PCI Adapter HW.21 V1.10WlanCU.exe
C:Program FilesHPhpcoretechcomphptskmgr.exe
C:WINDOWSsystem32 undll32.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesOutlook Expressmsimn.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesCommon FilesSymantec SharedAdBlockingNSMdtr.exe
C:Documents and SettingsMZbUstawienia lokalneTempKatalog tymczasowy 4 dla hijackthis.zipHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1MZbUSTAWI~1Tempse.dll/sp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1MZbUSTAWI~1Tempse.dll/sp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
O2 – BHO: (no name) – {1E4F1FB5–0446–4736–ABF3–D7C713CF2009} – C:WINDOWSSystem32jnhi.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: Norton Internet Security – {0B53EAC3–8D69–4b9e–9B19–A37C9A5676A7} – C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O4 – HKLM..Run: [NeroCheck] C:WINDOWSSystem32\NeroCheck.exe
O4 – HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 – HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_03injusched.exe
O4 – HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" –atboottime
O4 – HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 – HKLM..Run: [HP Software Update] "C:Program FilesHewlett–PackardHP Software UpdateHPWuSchd.exe"
O4 – HKLM..Run: [HP Component Manager] "C:Program FilesHPhpcoretechhpcmpmgr.exe"
O4 – HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb09.exe
O4 – HKLM..Run: [DeviceDiscovery] C:Program FilesHewlett–PackardDigital Imaginginhpotdd01.exe
O4 – HKLM..Run: [PHIME2002ASync] C:WINDOWSSystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 – HKLM..Run: [PHIME2002A] C:WINDOWSSystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 – HKLM..Run: [MSPY2002] C:WINDOWSSystem32IMEPINTLGNTImScInst.exe /SYNC
O4 – HKLM..Run: [MKS_MENU] C:Program FilesMKSBinmks_menu.exe
O4 – HKLM..Run: [ABREGMON] C:Program FilesMKSBinABregmon.exe
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [MSConfig] C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto
O4 – HKCU..Run: [Komunikator] C:Program FilesTlen.pl len.exe
O4 – HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 – Global Startup: Uruchamianie pakietu Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA.EXE
O4 – Global Startup: Wireless Configuration Utility.lnk = C:Program Files802.11 Wireless LAN802.11g Wireless Cardbus & PCI Adapter HW.21 V1.10WlanCU.exe
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengerMSMSGS.EXE
O9 – Extra 'Tools' menuitem: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengerMSMSGS.EXE
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: *.iframedollars.biz (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted Zone: *.ysbweb.com (HKLM)
O15 – Trusted IP range: 213.159.117.202
O15 – Trusted IP range: 213.159.117.202 (HKLM)
O16 – DPF: {18506D80–9B80–11D4–82C2–0080C8D7ED4A} (GINROULETTE Class) – http://gryonline.wp.pl/files/roulette_2_0_0_6.cab
O16 – DPF: {1A781DED–C22D–4153–3213–A3211E29DF13} (GameDesire Card Games) – http://67.15.101.3/g_bin/pl/cards_2_0_0_60.cab
O16 – DPF: {1F831FAC–42FC–11D4–95A6–0080AD30DCE1} (InstaFred) – file://C:Program FilesAutoCAD LT 2002 PlkInstFred.ocx
O16 – DPF: {37A49D66–2735–4BB9–8503–82BA5E2333D0} (MailCfg Control) – https://poczta.wp.pl/autoryzacja/mailcfg.ocx
O16 – DPF: {41ACD49D–1974–791A–0981–AA9872721044} (GINBOARDS Class) – http://67.15.101.3/g_bin/pl/boards_2_0_0_17.cab
O16 – DPF: {5F874A6F–8B34–433D–BA4B–47AC91C0567F} (MailCfg Control) – https://poczta.wp.pl/autoryzacja/mailcfg2.ocx
O16 – DPF: {67135BDA–6546–4426–BC94–BB5AF5005231} (GINCHECKERS Class) – http://gryonline.wp.pl/files/checkers_2_0_0_6.cab
O16 – DPF: {70B410C0–BADA–11D4–8308–0080C8D7ED4A} (GINBRIDGE Class) – http://gryonline.wp.pl/files/bridge_2_0_0_6.cab
O16 – DPF: {776290B9–F53C–4676–8DAF–3DBEFC297308} (GING358 Class) – http://gryonline.wp.pl/files/G358_2_0_0_6.cab
O16 – DPF: {78AF2F24–A9C3–11D3–BF8C–0060B0FCC122} (AcDcToday) – file://C:Program FilesAutoCAD LT 2002 PlkAcDcToday.ocx
O16 – DPF: {80B410C0–BADA–11D4–8308–0080C8D7ED4A} (GINTHOUSAND Class) – http://gryonline.wp.pl/files/tysiac_2_0_0_6.cab
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/pl/poker_2_0_0_34.cab
O16 – DPF: {A1FE3DE0–CF77–11D4–8340–0080C8D7ED4A} (GINDEMON Class) – http://gryonline.wp.pl/files/demon_2_0_0_6.cab
O16 – DPF: {A7196C8E–35A5–4FF0–9E46–E28918B5CAF6} (GINDOMINO Class) – http://gryonline.wp.pl/files/domino_2_0_0_6.cab
O16 – DPF: {A9ED6AA2–D9D4–4D71–9586–E293E2E3580B} (GameDesire Marbies&Diamonds) – http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
O16 – DPF: {AC120B1D–9411–4111–AF52–118052D85D45} (GameDesire Darts Games) – http://67.15.101.3/g_bin/pl/darts_2_0_0_28.cab
O16 – DPF: {AD7013FF–1D9A–4F36–94A6–3CD408A663F9} (GINBREAKOUT Class) – http://gryonline.wp.pl/files/breakout_2_0_0_6.cab
O16 – DPF: {AE56372C–B4F5–11D4–A415–00108302FDFD} (NOXLATE–BANR) – file://C:Program FilesAutoCAD LT 2002 PlkInstBanr.ocx
O16 – DPF: {BFA1F11D–3121–AFE1–4112–894323212DAC} (GINWORDS Class) – http://gryonline.wp.pl/files/words_2_0_0_11.cab
O16 – DPF: {DCB16E44–D6DB–473E–A251–F6FBB381C1C3} (GameDesire Chess) – http://67.15.101.3/g_bin/pl/chess_2_0_0_15.cab
O16 – DPF: {E23FABEE–12E3–33DA–DA12–195DAC123984} (GameDesire Mahjong) – http://67.15.101.3/g_bin/pl/mahjong_2_0_0_17.cab
O16 – DPF: {F281A59C–7B65–11D3–8617–0010830243BD} (AcPreview Control) – file://C:Program FilesAutoCAD LT 2002 PlkAcPreview.ocx
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GINSNOOKER Class) – http://gryonline.wp.pl/files/snooker_2_0_0_6.cab
O17 – HKLMSystemCCSServicesTcpip..{9E68B54C–D7D9–43D4–9A25–ECD0A779C342}: NameServer = 194.204.159.1,192.168.216.1
O18 – Filter: text/html – {540DA993–593B–4009–990D–D90EFB07F933} – C:WINDOWSSystem32jnhi.dll
O18 – Filter: text/plain – {540DA993–593B–4009–990D–D90EFB07F933} – C:WINDOWSSystem32jnhi.dll
O20 – Winlogon Notify: Control Panel – C:WINDOWSsystem32h2j4lc1q1f.dll
O20 – Winlogon Notify: IntlRun – C:WINDOWSsystem32kt8ml7l11.dll
O23 – Service: Ati HotKey Poller – Unknown owner – C:WINDOWSSystem32Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:WINDOWSsystem32ati2sgag.exe
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 – Service: Symantec Network Proxy (ccProxy) – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccProxy.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 – Service: ISSvc (ISSVC) – Symantec Corporation – C:Program FilesNorton Internet SecurityISSVC.exe
O23 – Service: MkS_Scan – Unknown owner – C:Program FilesMKSBinmks_scan.exe (file missing)
O23 – Service: Norton AntiVirus Auto–Protect Service (navapsvc) – Symantec Corporation – C:Program FilesNorton Internet SecurityNorton AntiVirus avapsvc.exe
O23 – Service: SAVScan – Symantec Corporation – C:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 – Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) – Analog Devices, Inc. – C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe

Odpowiedzi: 5

Opis solucji "UMonitor error" –> http://www.mredkj.com/tutorials/tipswin.html
Kill2Me lub VX2 Cleaner sciagnij.
EL NINO
Dodano
25.02.2005 13:51:52
program się przydał bo wyczyścił mi troszkę rejestry za podpowiedź dzięki, ale niestety te komunikaty pojawiają się nadal. Moźe ktoś ma jeszcze jakiś pomysł!!!!! Dzięki z góry za dobre rady. :idea:
ZbM
Dodano
24.02.2005 21:24:39
Zainstaluj program–
Registry Mechanic i jak zainstalujesz to Full Scan
A programu poszukaj na www.google.pl
mattrex1
Dodano
24.02.2005 15:04:42
Dzięki za dobrą radę, ale mam jeszcze jeden proble moźe tagźe mi pomoźesz przy uruchomieniu windowsa pojawia się komunikat
RUNDLL
podczas próby uruchomienia "C:/windows/system32/róźne pliki.dll,UMonitor" wystąpił błąd wyjątkowy
nie wiem o co chodzi, jak to coś zlikwidować.
ZbM
Dodano
23.02.2005 13:16:47
Wyrejestrowujesz nastepujace dlle:jnhi.dll, h2j4lc1q1f.dll, kt8ml7l11.dll (regsvr32 /u i tu pelna sciezka dostepu do pliku).I pozbywasz sie ich z dysku. Na koniec fixujesz ponizsze pozycje:

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1MZbUSTAWI~1Tempse.dll/sp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1MZbUSTAWI~1Tempse.dll/sp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
O2 – BHO: (no name) – {1E4F1FB5–0446–4736–ABF3–D7C713CF2009} – C:WINDOWSSystem32jnhi.dll
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: *.iframedollars.biz (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted Zone: *.ysbweb.com (HKLM)
O15 – Trusted IP range: 213.159.117.202
O15 – Trusted IP range: 213.159.117.202 (HKLM)
O18 – Filter: text/html – {540DA993–593B–4009–990D–D90EFB07F933} – C:WINDOWSSystem32jnhi.dll
O18 – Filter: text/plain – {540DA993–593B–4009–990D–D90EFB07F933} – C:WINDOWSSystem32jnhi.dll
O20 – Winlogon Notify: Control Panel – C:WINDOWSsystem32h2j4lc1q1f.dll
O20 – Winlogon Notify: IntlRun – C:WINDOWSsystem32kt8ml7l11.dll
wins
Dodano
23.02.2005 01:50:23
ZbM
Dodano:
22.02.2005 23:19:57
Komentarzy:
5
Strona 1 / 1