Please check my log; I have a black desktop warning.
Logfile of HijackThis v1.99.1
Scan saved at 08:51:12, on 2005-02-21
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\WINDOWS\System32\PROMon.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\??rvices.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Nowak\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://morwillsearch.com/?adv_id=fish&sub_id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://morwillsearch.com/?adv_id=fish&sub_id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://morwillsearch.com/?adv_id=fish&sub_id=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.tpnet.pl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FA46D7B-944A-5BC6-8705-6C557E812F34} - C:\WINDOWS\System32\ilyzpry.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Soltek] C:\WINDOWS\System32\autorun.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1024.dll,InstantAccess
O4 - HKCU\..\Run: [Wmti] C:\Documents and Settings\Nowak\Dane aplikacji\enal.exe
O4 - HKCU\..\Run: [Zgaocx] C:\WINDOWS\System32\??rvices.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: Podłączanie dysków sieciowych.bat
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.morwillsearch.com
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4430/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEC17887-D307-4E87-8A3D-FFBC9C5DEB9E}: NameServer = 195.205.141.3,195.205.141.5,194.204.159.1
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
Replies: 1
Remove:
C:\WINDOWS\System32\??rvices.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://morwillsearch.com/?adv_id=fish&sub_id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://morwillsearch.com/?adv_id=fish&sub_id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://morwillsearch.com/?adv_id=fish&sub_id=
O2 - BHO: (no name) - {3FA46D7B-944A-5BC6-8705-6C557E812F34} - C:\WINDOWS\System32\ilyzpry.dll (file missing)
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1024.dll,InstantAccess
O4 - HKCU\..\Run: [Zgaocx] C:\WINDOWS\System32\??rvices.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O15 - Trusted Zone: *.morwillsearch.com
If you don't recognize this, remove it as well:
O4 - HKCU\..\Run: [Wmti] C:\Documents and Settings\Nowak\Dane aplikacji\enal.exe
You will find posts about the "black screen" in this section.