Log - Kamci do analizy

Kamcia_18 · 12 Kwiecień 2005 19:53

Logfile of HijackThis v1.99.0

Scan saved at 21:53:10, on 2005-04-12

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\NetLimiter\NetLimiter.exe

C:\Program Files\EPOX\USDM\USDM.EXE

C:\Program Files\D-Tools\daemon.exe

C:\PROGRA~1\eScan\TRAYICOS.EXE

C:\PROGRA~1\eScan\TRAYESER.EXE

C:\PROGRA~1\eScan\MAILDISP.EXE

C:\PROGRA~1\eScan\TRAYSSER.EXE

C:\PROGRA~1\eScan\ESERV.EXE

C:\PROGRA~1\eScan\avpm.exe

C:\PROGRA~1\eScan\AVPMWrap.EXE

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SysInfoMyWork\SysInfoMyWork.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\PROGRA~1\eScan\SPOOLER.EXE

C:\PROGRA~1\eScan\MAILSCAN.EXE

C:\PROGRA~1\eScan\kavss.exe

C:\PROGRA~1\eScan\AvpM.exe

C:\Program Files\DC++\DCPlusPlus.exe

C:\Program Files\Opera\opera.exe

C:\totalcmd44\TOTALCMD.EXE

C:\Program Files\Tlen.pl\tlen.exe

D:\CD_Xx\CDRW_Xx\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.101.250:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM…\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s

O4 - HKLM…\Run: [EPoXUSDM] “C:\Program Files\EPOX\USDM\USDM.EXE” “5000”

O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033

O4 - HKLM…\Run: [MailScan Dispatcher] “C:\Program Files\eScan\LAUNCH.EXE”

O4 - HKLM…\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App

O4 - HKLM…\Run: [eScan Install-checker] C:\WINDOWS\system32\eInstall.exe

O4 - HKLM…\Run: [eScan Server] C:\PROGRA~1\eScan\ESERV.EXE /App

O4 - HKLM…\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Startup: SysInfoMyWork.lnk = C:\Program Files\SysInfoMyWork\SysInfoMyWork.exe

O4 - Global Startup: SurfinGuard Pro.lnk = C:\Program Files\Finjan\SurfinGuard Pro\bin\winsfcm.exe

O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm

O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm

O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra ‘Tools’ menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm

O10 - Broken Internet access because of LSP provider ‘mwtsp.dll’ missing

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O20 - AppInit_DLLs: fhook.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: eScan Management-Console - MWTI2 - C:\PROGRA~1\eScan\TRAYESER.EXE

O23 - Service: eScan Server-Updater - MWTI2 - C:\PROGRA~1\eScan\TRAYSSER.EXE

O23 - Service: eScan Monitor Service - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe

O23 - Service: Sandra Data Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe

O23 - Service: Sandra Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe

detektyw · 12 Kwiecień 2005 19:56

ok 8)

boczi · 12 Kwiecień 2005 20:00

IMHO powinnaś naprawić ten wpis:

O10 - Broken Internet access because of LSP provider 'mwtsp.dll' missing

A to:

O20 - AppInit_DLLs: fhook.dll

Używasz programu SurfinShield?

Kamcia_18 · 12 Kwiecień 2005 20:10

to sa zmienne eScan AVK 2003h

wiec i tak powroca

nawet po LSP-Fix

sprawdzalam to

eScan je robi dla przekierowania falszywych

na serwerze no i u mnie

takie cos mam

Finjan SurfinGuard

boczi · 12 Kwiecień 2005 20:12

Tak, no to wszystko jest OK.

Gutek · 12 Kwiecień 2005 20:24

Proszę o LOG z hijackthis 1.99.1 :-P, a jeżeli naprawde coś Ciebie martwi to LOG z Silent Runners

Kamcia_18 · 12 Kwiecień 2005 20:32

Logfile of HijackThis v1.99.1

Scan saved at 22:27:18, on 2005-04-12