Confirm

Dla specjalistów Bezpieczeństwo
#61 
StartupList report, 06/12/2005, 01:46:13

StartupList version: 1.52.2

Started from : C:\Documents and Settings\Jacek Parzyszek\Ustawienia lokalne\Temp\HijackThis.EXE

Detected: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

==================================================


Running processes:


C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\PROGRA~1\WINZIP\winzip32.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\Jacek Parzyszek\Ustawienia lokalne\Temp\HijackThis.exe


--------------------------------------------------


Listing of startup folders:


Shell folders Common Startup:

[C]

DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE


--------------------------------------------------


Checking Windows NT UserInit:


[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run


KonektorTP = "c:\program files\konektortp\konektortp.exe" tray

WOOWATCH = C:\PROGRA~1\Wanadoo\Watch.exe

WOOTASKBARICON = C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

PestPatrol Control Center = C:\PROGRA~1\PESTPA~1\PPControl.exe

PPMemCheck = C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

CookiePatrol = C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray


--------------------------------------------------


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run


CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe

Spamihilator = "C:\Program Files\Spamihilator\spamihilator.exe"


--------------------------------------------------


Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:


Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*


Shell & screensaver key from Registry:


Shell=explorer.exe 

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*


Policies Shell key:


HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*


--------------------------------------------------



Enumerating Browser Helper Objects:


SpywareGuard Download Protection - C:\Program Files\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2}

(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}


--------------------------------------------------


Enumerating Task Scheduler jobs:


XoftSpy.job


--------------------------------------------------


Enumerating Download Program Files:


[Windows Genuine Advantage Validation Tool]

InProcServer32 = C:\WINDOWS\System32\LegitCheckControl.DLL

CODEBASE = http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409


[{556DDE35-E955-11D0-A707-000000521957}]

CODEBASE = http://www.xblock.com/download/xclean_micro.exe


[{6CB5E471-C305-11D3-99A8-000086395495}]

CODEBASE = http://toolbar.google.com/data/pl/big/1.1.62-big/GoogleNav.cab


[HouseCall Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx

CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab


[ActiveScan Installer Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\asinst.dll

CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab


[ASquaredScanForm Element]

InProcServer32 = C:\WINDOWS\DOWNLO~1\axscan.ocx

CODEBASE = http://www.windowsecurity.com/trojanscan/axscan.cab


[Virtools WebPlayer Class]

InProcServer32 = C:\Program Files\Virtools Web Player 3.0\WebPlayer.ocx

CODEBASE = http://player.virtools.com/downloads/player/Install3.0/Installer.exe


[Shockwave Flash Object]

InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx

CODEBASE = http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab


[MainControl Class]

InProcServer32 = C:\WINDOWS\System32\SkanerOnline.dll

CODEBASE = http://skaner.mks.com.pl/SkanerOnline.cab


--------------------------------------------------


Enumerating ShellServiceObjectDelayLoad items:


PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: %system%\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll


--------------------------------------------------

End of report, 6 127 bytes

Report generated in 0,125 seconds


Command line options:

   /verbose - to add additional info on each section

   /complete - to include empty sections and unsuspicious data

   /full - to include several rarely-important sections

   /force9x - to include Win9x-only startups even if running on WinNT

   /forcent - to include WinNT-only startups even if running on Win9x

   /forceall - to include all Win9x and WinNT startups, regardless of platform

   /history - to list version history only

Logfile of HijackThis v1.99.1

Scan saved at 01:44:26, on 06/12/2005

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\PROGRA~1\WINZIP\winzip32.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\Jacek Parzyszek\Ustawienia lokalne\Temp\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=explorer.exe 

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [KonektorTP] "c:\program files\konektortp\konektortp.exe" tray

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/pl/big/1.1.62-big/GoogleNav.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://player.virtools.com/downloads/player/Install3.0/Installer.exe

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
#62

to usun i masz czysto

zainstaluj koniecznie zabezpieczenia anty

i sp2 tez sie przyda

:smiley:

#63

to znaczy jak? tak jak wcześniej z awaryjnego i co dalej odinstalować?Możesz wejść na forum problemy i zobaczyć post awaria w połączeniu ze stroną dobre programy?Jak mam się do tego f-2 reg dostać?z hijackthis?

#64

ciachnij bez awaryjnego (wylacz tylko przywracanie systemu)

i po robocie

:smiley:

#65

Skasowałem to :slight_smile: przesyłam aktualny skan.Dziękuję za pomoc w usunęciu wirusów i zapraszam na stronęLogfile of HijackThis v1.99.1

Scan saved at 21:50:38, on 06/12/2005

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Ajt Soft\Słownik\AP.EXE

C:\PROGRA~1\WINZIP\winzip32.exe

C:\Documents and Settings\Jacek Parzyszek\Ustawienia lokalne\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM…\Run: [KonektorTP] “c:\program files\konektortp\konektortp.exe” tray

O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKLM…\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM…\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM…\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKLM…\Run: [spySweeper] “C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe” /startintray

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU…\Run: [spamihilator] “C:\Program Files\Spamihilator\spamihilator.exe”

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= … lcid=0x409

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/pl/big/1 … gleNav.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 … scan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://player.virtools.com/downloads/pl … taller.exe

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip…{9393EA44-6BFC-47AD-BDF1-59E582EFB2DD}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Problemy temat jak wyżej :smiley:

#66

Log masz czysty :wink: