Log i prośba wielka o sprawdzenie :)

Dla specjalistów Bezpieczeństwo
#1

witam :slight_smile: proszę o sprawdzenie tego loga:

Logfile of HijackThis v1.99.1

Scan saved at 20:00:52, on 2005-05-17

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\spoolsv.exe

C:\Windows\Cpqdiag\Cpqdfwag.exe

C:\Program Files\NavNT\defwatch.exe

C:\Athletic\interbase\bin\ibguard.exe

C:\Program Files\NavNT\rtvscan.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\fxssvc.exe

C:\Windows\Explorer.EXE

C:\Athletic\interbase\bin\ibserver.exe

C:\Windows\system32\MsgSys.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Compaq\EAB\EabServr.exe

C:\Program Files\NavNT\vptray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Windows\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\ATMEL\802.11 Wireless LAN\WlanMonitor.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\PROGRA~1\MOZILL~1\firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/2Q00CPT/0415/bF8.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Saristar - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE50} - C:\Windows\system32\saristar.dll

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: Configuration & Monitor Utility.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: Otwórz obraz w programie &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1045\phdintl.dll/phdContext.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0AB40CCE-D384-4250-8FB0-87D865F5D1A4}: NameServer = 80.51.189.4

O17 - HKLM\System\CS1\Services\Tcpip\..\{0AB40CCE-D384-4250-8FB0-87D865F5D1A4}: NameServer = 80.51.189.4

O20 - Winlogon Notify: NavLogon - C:\Windows\System32\NavLogon.dll

O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Athletic\interbase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Athletic\interbase\bin\ibserver.exe

O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\Windows\system32\HPZipm12.exe
#2

Znasz to?

Jeśli nie, usuń ręcznie ten plik DLL.

Reszta OK.

#3

to dialer-tak sie wlasnie nazywa -saristar.dll-koniecznie usun

#4

no to usuwam i pięknie dziękuję :slight_smile:

#5

usun ,a pozniej dla pewnosci raz jeszcze log wyslij na forum