Please check my log, and thank you in advance.


(Stachan) #1

Logfile of HijackThis v1.99.0

Scan saved at 12:16:50, on 2005-01-13

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Unable to get Internet Explorer version!

Running processes:

C:\WINNT\explorer.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Program Files\PestPatrol\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\Program Files\OpenOffice.org1.1\program\soffice.exe

C:\Program Files\Outlook Express\msimn.exe

\Mars\market\Market.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\market\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://msaps.dll/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leclerc.com.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://msaps.dll/index.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINNT\System32\wins32t.dll (file missing)

F2 - REG:system.ini: Shell=explorer.exe

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe

O4 - HKLM\..\RunOnce: [KB837272] "C:\WINNT\INF\unregmp2.exe" /UpdateWMP

O4 - HKLM\..\RunOnce: [MSPCLOCK] RUNDLL32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}

O4 - HKLM\..\RunOnce: [MSPQM] RUNDLL32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}

O4 - HKLM\..\RunOnce: [MSKSSRV] RUNDLL32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}

O4 - HKLM\..\RunOnce: [MPE0] rundll32.exe streamci,StreamingDeviceSetup {8E60217D-A2EE-47f8-B0C5-0F44C55F66DC},GLOBAL,{FD0A5AF4-B41D-11d2-9C95-00C04F7971E0},C:\WINNT\INF\mpe.inf,BDAcodec

O4 - HKLM\..\RunOnce: [STREAMIP0] rundll32.exe streamci,StreamingDeviceSetup {D84D449B-62FB-4ebb-B969-5183ED3DFB51},GLOBAL,{71985F4A-1CA1-11d3-9CC8-00C04F7971E0},C:\WINNT\INF\streamip.inf,BDAcodec

O4 - HKLM\..\RunOnce: [SLIP0] rundll32.exe streamci,StreamingDeviceSetup {03884CB6-E89A-4deb-B69E-8DC621686E6A},GLOBAL,{FD0A5AF4-B41D-11d2-9C95-00C04F7971E0},C:\WINNT\INF\slip.inf,VBIcodec

O4 - HKLM\..\RunOnce: [CCDECODE0] rundll32.exe streamci,StreamingDeviceSetup {562370a8-f8dd-11d2-bc64-00a0c95ec22e},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},C:\WINNT\INF\CCDECODE.inf,CCDECODE.Interface.Install

O4 - HKLM\..\RunOnce: [NABTSFEC0] rundll32.exe streamci,StreamingDeviceSetup {07DAD662-22F1-11d1-A9F4-00C04FBBDE8F},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},C:\WINNT\INF\NABTSFEC.inf,NABTSFEC.Interface.Install

O4 - HKLM\..\RunOnce: [WSTCODEC0] rundll32.exe streamci,StreamingDeviceSetup {70BC06E0-5666-11d3-A184-00105AEF9F33},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},C:\WINNT\INF\WSTCODEC.inf,WSTCODEC.Interface.Install

O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [Yupi] c:\progra~1\yupi\yupi.exe

O4 - HKCU\..\Run: [FlyNotes.exe] "C:\Program Files\FlyNotes\FlyNotes.exe"

O4 - HKCU\..\Run: [tapisys] C:\WINNT\System32\tss.exe

O4 - HKCU\..\Run: [ie_org] C:\Program Files\Internet Organizer Pro 2\Ie_org_pro.EXE /run

O4 - HKCU\..\Run: [Fryderyk 2004] C:\Program Files\Fryderyk 2004\fryderyk.exe

O4 - HKCU\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKCU\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKCU\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1\program\quickstart.exe

O8 - Extra context menu item: Add to AD Hunter - C:\Program Files\Maxthon\config/blacklist.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MARKET

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MARKET

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MARKET

O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown - C:\WINNT\system32\ati2sgag.exe

O23 - Service: OfficeScanNT RealTime Scan - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: OfficeScanNT Personal Firewall - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

O23 - Service: OracleOraHome81ClientCache - Unknown - C:\Oracle\Ora81\BIN\ONRSD.EXE

O23 - Service: OracleWebAssistant0 - Oracle Corporation - C:\Oracle\Ora81\BIN\OWASTSVR.EXE

O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: OfficeScanNT Listener - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe


(adpawl) #2

Remove this in Safe Mode...

Then be sure to also run a scan with PestPatrol and Spybot (after updating them first, of course!!).

Links: http://download.zonelabs.com/bin/free/p ... olHome.exe

http://download.softpedia.ro/software/A ... sd14b2.exe


(Stachan) #3

Logfile of HijackThis v1.99.0

Scan saved at 13:56:20, on 2005-01-13

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Unable to get Internet Explorer version!

Running processes:

C:\WINNT\explorer.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Program Files\PestPatrol\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\Program Files\OpenOffice.org1.1\program\soffice.exe

C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe

C:\Documents and Settings\market\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leclerc.com.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=explorer.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe

O4 - HKCU\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKCU\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKCU\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1\program\quickstart.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MARKET

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MARKET

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MARKET

O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown - C:\WINNT\system32\ati2sgag.exe

O23 - Service: OfficeScanNT RealTime Scan - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: OfficeScanNT Personal Firewall - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

O23 - Service: OracleOraHome81ClientCache - Unknown - C:\Oracle\Ora81\BIN\ONRSD.EXE

O23 - Service: OracleWebAssistant0 - Oracle Corporation - C:\Oracle\Ora81\BIN\OWASTSVR.EXE

O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: OfficeScanNT Listener - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe


(adpawl) #4

And it already looks much better :wink:


(Stachan) #5

After scanning with the little program ETD Security Scanner I got what I pasted below, and I have a question: if my HijackThis log is clean, then where does this ETD scan result come from????? :o

*** ETD Security Scanner v3.0 Professional ***

*** Report generated at 2005-01-13 15:21:48 ***

Suspicious items found: 45

[- Item 1 -]

File name: C:\WINNT*.bat

CRC verified: No

Description: Win32.Swen.A / N/A

Product Name: Not defined

Product Version: Not defined

File Version: Not defined

File Description: Not defined

Private Build: Not defined

Special Build: Not defined

Company Name: Not defined

Internal Name: Not defined

Original FileName: Not defined

Legal Copyright: Not defined

Legal Trademarks: Not defined

Comments: Not defined

[- Item 2 -]

Registry key: HKEY_LOCAL_MACHINE\software\classes\typelib\{01a9eb70-69bc-11d2-ab2f-204c4f4f5020}

CRC verified: N/A

Description: CWS_mailhook (Adware) / CWS_mailhook has the ability to hijack your Web searches...

[- Item 3 -]

Registry key: HKEY_CLASSES_ROOT\typelib\{01a9eb70-69bc-11d2-ab2f-204c4f4f5020}

CRC verified: N/A

Description: CWS_mailhook (Adware) / CWS_mailhook has the ability to hijack your Web searches...

[- Item 4 -]

Registry key: HKEY_CLASSES_ROOT\TYPELIB\{01a9eb70-69bc-11d2-ab2f-204c4f4f5020}

CRC verified: N/A

Description: CoolWebSearch / N/A

[- Item 5 -]

Registry key: HKEY_CLASSES_ROOT\interface\{01a9eb7c-69bc-11d2-ab2f-204c4f4f5020}

CRC verified: N/A

Description: CWS_mailhook (Adware) / CWS_mailhook has the ability to hijack your Web searches...

[- Item 6 -]

Registry key: HKEY_LOCAL_MACHINE\software\classes\interface\{01a9eb7c-69bc-11d2-ab2f-204c4f4f5020}

CRC verified: N/A

Description: CWS_mailhook (Adware) / CWS_mailhook has the ability to hijack your Web searches...

[- Item 7 -]

Registry key: HKEY_CLASSES_ROOT\Interface\{01A9EB7C-69BC-11D2-AB2F-204C4F4F5020}

CRC verified: N/A

Description: CoolWebSearch / N/A

[- Item 8 -]

Registry key: HKEY_CLASSES_ROOT\interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae}

CRC verified: N/A

Description: CWS_AnalyzeIE (Adware) / CWS_AnalyzeIE has the ability to hijack your Web searches...

[- Item 9 -]

Registry key: HKEY_LOCAL_MACHINE\software\classes\interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae}

CRC verified: N/A

Description: CWS_AnalyzeIE (Adware) / CWS_AnalyzeIE has the ability to hijack your Web searches...

[- Item 10 -]

Registry key: HKEY_CLASSES_ROOT\CLSID\{53707962-6F74-2D53-2644-206D7942484F}

CRC verified: N/A

Description: Spybot / N/A

[- Item 11 -]

Registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}

CRC verified: N/A

Description: Spybot / N/A

[- Item 12 -]

Registry key: HKEY_CLASSES_ROOT\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}

CRC verified: N/A

Description: PStopper / N/A

[- Item 13 -]

Registry key: HKEY_CLASSES_ROOT\Component Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}

CRC verified: N/A

Description: PStopper / N/A

[- Item 14 -]

Registry key: HKEY_CLASSES_ROOT\clsid\{fde3577a-6254-181c-4e11-339e4f746bd3}

CRC verified: N/A

Description: CWS_mailhook (Adware) / CWS_mailhook has the ability to hijack your Web searches...

[- Item 15 -]

Registry key: HKEY_LOCAL_MACHINE\software\classes\clsid\{fde3577a-6254-181c-4e11-339e4f746bd3}

CRC verified: N/A

Description: CWS_mailhook (Adware) / CWS_mailhook has the ability to hijack your Web searches...

[- Item 16 -]

Registry key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\wintrust\trust providers\software publishing\trust database\0

CRC verified: N/A

Description: Instant Access (Adware) / Instant Access is a Premium Rate Dialer....

[- Item 17 -]

Registry key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\userassist\{75048700-ef1f-11d0-9888-006097deacf9}\count

CRC verified: N/A

Description: NGD Dialer (Adware) / NGD Dialer is a dialer that has the ability to hijack your modem and dial toll numbers that access paid...

[- Item 18 -]

Registry key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU

CRC verified: N/A

Description: Coulomb Dialer / N/A

[- Item 19 -]

Registry key: HKEY_CLASSES_ROOT\clsid\{e6fb5e20-de35-11cf-9c87-00aa005127ed}\inprocserver32

CRC verified: N/A

Description: myDoom (Trojan Horse) / myDoom / Novarg is a worm that has the ability to re-route connections on your computer...

[- Item 20 -]

Registry key: HKEY_CLASSES_ROOT\mailhook.mailto

CRC verified: N/A

Description: CWS_mailhook (Adware) / CWS_mailhook has the ability to hijack your Web searches...

[- Item 21 -]

Registry key: HKEY_LOCAL_MACHINE\software\classes\mailhook.mailto

CRC verified: N/A

Description: CWS_mailhook (Adware) / CWS_mailhook has the ability to hijack your Web searches...

[- Item 22 -]

Registry key: HKEY_LOCAL_MACHINE\software\classes\mailhook.mailto.1

CRC verified: N/A

Description: CWS_mailhook (Adware) / CWS_mailhook has the ability to hijack your Web searches...

[- Item 23 -]

File name: C:\Documents and Settings\market\Cookies\market@com[1].txt

CRC verified: No

Description: Com.com Cookie (Cookie) / Com.com is a cookie that tracks the unique visitors to a web site and their personal preferences....

Product Name: Not defined

Product Version: Not defined

File Version: Not defined

File Description: Not defined

Private Build: Not defined

Special Build: Not defined

Company Name: Not defined

Internal Name: Not defined

Original FileName: Not defined

Legal Copyright: Not defined

Legal Trademarks: Not defined

Comments: Not defined

[- Item 24 -]

Registry key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage

CRC verified: N/A

Description: Alexa Toolbar / "Alexa's Toolbar Service improves your ability to use the Web. One of its most important features is Related Links, which tells you about websites that are "related" ...

[- Item 25 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: BoonPie / N/A

[- Item 26 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: CoolWebSearch / N/A

[- Item 27 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Jumpincowz IRC Vulnerability / N/A

[- Item 28 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Litmus / N/A

[- Item 29 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Lop / N/A

[- Item 30 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Sex Farm Gmbx / N/A

[- Item 31 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Trojan.Win32.Ilka32 / N/A

[- Item 32 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: UTWente-NL / N/A

[- Item 33 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Win32.Backdoor.Agobot / N/A

[- Item 34 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Win32.Backdoor.RBot / N/A

[- Item 35 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Win32.Backdoor.SDBot / N/A

[- Item 36 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Win32.Kwbot.C / N/A

[- Item 37 -]

Registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Win32.Kwbot.P / N/A

[- Item 38 -]

Registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Win32.RD-Bot Trojan / N/A

[- Item 39 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: XXOR / N/A

[- Item 40 -]

Registry key: HKEY_CURRENT_USER\software\softwrap

CRC verified: N/A

Description: Marketscore (Adware) / MarketScore is a proxy service which claims to increase the speed of your internet connection...

[- Item 41 -]

Registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database

CRC verified: N/A

Description: Central-24 Dialer / N/A

[- Item 42 -]

Registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database

CRC verified: N/A

Description: Connector Dialer / N/A

[- Item 43 -]

Registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database

CRC verified: N/A

Description: EGroup Dialer / N/A

[- Item 44 -]

Registry key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall

CRC verified: N/A

Description: CnsMin (Trojan Horse) / CnsMin is an IE Browser Helper Object that hijacks address-bar searches and replaces the IE search feature with a site written in Chinese....

[- Item 45 -]

Registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Welcome

CRC verified: N/A

Description: Win32.Backdoor.Jeem / N/A


(Stachan) #6
Logfile of HijackThis v1.99.0

Scan saved at 16:41:41, on 2005-01-13

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Unable to get Internet Explorer version!


Running processes:

C:\WINNT\explorer.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Program Files\OpenOffice.org1.1\program\soffice.exe

C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Internet Explorer\iexplore.exe

\Mars\market\Market.exe

c:\Program Files\PestPatrol\ppmemcheck.exe

c:\Program Files\PestPatrol\ppcontrol.exe

C:\Documents and Settings\market\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leclerc.com.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=explorer.exe 

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe

O4 - HKCU\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKCU\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKCU\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKCU\..\Run: [ETD Security Scanner] "C:\Program Files\ETD Security Scanner\ETD Security Scanner.exe" /s

O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1\program\quickstart.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MARKET

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MARKET

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MARKET

O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown - C:\WINNT\system32\ati2sgag.exe

O23 - Service: OfficeScanNT RealTime Scan - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: OfficeScanNT Personal Firewall - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

O23 - Service: OracleOraHome81ClientCache - Unknown - C:\Oracle\Ora81\BIN\ONRSD.EXE

O23 - Service: OracleWebAssistant0 - Oracle Corporation - C:\Oracle\Ora81\BIN\OWASTSVR.EXE

O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: OfficeScanNT Listener - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

adpawl, thanks


(Stachan) #7

Here is the current log from today:

Logfile of HijackThis v1.99.0

Scan saved at 09:46:59, on 2005-01-14

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Unable to get Internet Explorer version!

Running processes:

C:\WINNT\explorer.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Program Files\PestPatrol\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\Program Files\OpenOffice.org1.1\program\soffice.exe

C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Internet Explorer\iexplore.exe

\Mars\market\Market.exe

C:\Program Files\ETD Security Scanner\ETD Security Scanner.exe

C:\Documents and Settings\market\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leclerc.com.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=explorer.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe

O4 - HKCU\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKCU\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKCU\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKCU\..\Run: [ETD Security Scanner] "C:\Program Files\ETD Security Scanner\ETD Security Scanner.exe" /s

O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1\program\quickstart.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MARKET

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MARKET

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MARKET

O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown - C:\WINNT\system32\ati2sgag.exe

O23 - Service: OfficeScanNT RealTime Scan - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: OfficeScanNT Personal Firewall - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

O23 - Service: OracleOraHome81ClientCache - Unknown - C:\Oracle\Ora81\BIN\ONRSD.EXE

O23 - Service: OracleWebAssistant0 - Oracle Corporation - C:\Oracle\Ora81\BIN\OWASTSVR.EXE

O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: OfficeScanNT Listener - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe


(Musg) #8

Finally a very nice log, but yours was terribly neglected. Oh, someone was surfing around a lot of sites, and at work at that, but it's OK :o