Log do sprawdzenia

Dla specjalistów Bezpieczeństwo
#1

pomocy

:frowning:

Logfile of HijackThis v1.99.1

Scan saved at 15:46:16, on 2005-02-28

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\Program Files\Neostrada TP\taskbaricon.exe

C:\WINDOWS\System32\RunDll32.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\QuickTime\qttask.exe

C:\temp\salm.exe

C:\Program Files\Java\jre1.5.0\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Internet Optimizer\optimize.exe

C:\winnt\dezed.exe

C:\WINDOWS\System32\systime.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\System32\systime.exe

C:\WINDOWS\System32\dktibs.exe

C:\WINDOWS\System32\dktibs.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Documents and Settings\Adam.ADAM-5XUUHSE4ZV\Moje dokumenty\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM…\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\taskbaricon.exe

O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM…\Run: [satmat] C:\WINDOWS\satmat.exe

O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [salm] c:\temp\salm.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [internet Optimizer] “C:\Program Files\Internet Optimizer\optimize.exe”

O4 - HKLM…\Run: [dezed] c:\winnt\dezed.exe

O4 - HKLM…\Run: [sysTime] C:\WINDOWS\System32\systime.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [sysTime] C:\WINDOWS\System32\systime.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O15 - Trusted IP range: 213.159.117.202

O15 - Trusted IP range: 213.159.117.202 (HKLM)

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip…{5557AF0C-D56D-497F-A3E7-8C815ACB0323}: NameServer = 194.204.152.34 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip…{5557AF0C-D56D-497F-A3E7-8C815ACB0323}: NameServer = 194.204.152.34 217.98.63.164

O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINDOWS\System32\xplugin.dll

O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\lvnq0955e.dll

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#2

Koniecznie zainstaluj SP1 lub SP2

#3

wylacz przywracanie systemu i w trybie awaryjnym fixujesz:

C:\temp\salm.exe

C:\Program Files\Internet Optimizer\optimize.exe

C:\WINDOWS\System32\systime.exe

C:\WINDOWS\System32\systime.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts

O4 - HKLM…\Run: [satmat] C:\WINDOWS\satmat.exe

O4 - HKLM…\Run: [salm] c:\temp\salm.exe

O4 - HKLM…\Run: [internet Optimizer] “C:\Program Files\Internet Optimizer\optimize.exe”

O4 - HKLM…\Run: [sysTime] C:\WINDOWS\System32\systime.exe

O4 - HKCU…\Run: [sysTime] C:\WINDOWS\System32\systime.exe

O15 - Trusted IP range: 213.159.117.202

O15 - Trusted IP range: 213.159.117.202 (HKLM)

O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINDOWS\System32\xplugin.dll

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll

#4

To trojan więc kosz:

C:\winnt\dezed.exe

Tych jak nie znasz to też kosz:

C:\WINDOWS\System32\dktibs.exe

C:\WINDOWS\System32\dktibs.exe

#5

dziekie wielki za pomoc, naprawde udało sie :wink: :smiley: