Prośba o sprawdzenie log'a

Dla specjalistów Bezpieczeństwo
#1

Prosze o sprawdzenie mojego loga, nie wiem czy wszystko jest dobrze, bo się na tym zbytnio nie znam…

Logfile of HijackThis v1.99.0

Scan saved at 14:02:37, on 2005-04-08

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

e:\Avast4\aswUpdSv.exe

e:\Avast4\ashServ.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\usr\MYSQL\bin\mysqld.exe

C:\WINDOWS\System32\nvsvc32.exe

e:\Avast4\ashMaiSv.exe

e:\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

E:\NetMeter\NetMeter.exe

C:\Program Files\Gadu-Gadu\gg.exe

E:\Skype 1.1.0.79\Skype.exe

E:\Winamp 5.08\winamp.exe

C:\usr\Krasnal Start.exe

c:\usr\Apache\apache.exe

c:\usr\mysql\bin\winmysqladmin.exe

c:\usr\SMTP Server\localsrv.exe

c:\usr\Apache\apache.exe

E:\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4785

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4785

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.0.117;

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\FlashGet\jccatch.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [eDonkey2000] G:\eDonkey2000\eDonkey2000.exe -t

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [E] E:\NetMeter\NetMeter.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Download Flash with Flash Capture - e:\Flash Capture\dl.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - E:\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O16 - DPF: {F96D229F-129A-43B5-9B51-B7820E1BF2D3} (GameControl2 Control) - http://www.miastoplusa.pl/applets/GameControl104.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6860630F-51CC-4CA3-B925-7C1631A48A4E}: NameServer = 194.204.159.1,184.204.152.34

O23 - Service: avast! iAVS4 Control Service - Unknown - e:\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown - e:\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - e:\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - e:\Avast4\ashWebSv.exe

O23 - Service: MySql - Unknown - c:\usr/MYSQL/bin/mysqld.exe

O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
#2

Przenosze >> Bezpieczeństwo…

#3

wylacz przywracanie systemu, w trybie awaryjnym fixujesz:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4785

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4785

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll

O4 - HKLM…\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

do poniższych używasz:

http://www.cexx.org/lspfix.htm

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

potem skan:

Ad-Aware:

http://dobreprogramy.pl/index.php?dz=2&id=107&t=55

SpyBot Search&Destroy:

http://dobreprogramy.pl/index.php?dz=2&id=188&t=55

PestPatrol:

http://www.idg.pl/ftp/pobierz/pc/3538.html

Skanery:

MKS:

http://skaner.mks.com.pl/

Symantec:

http://security.symantec.com/sscv6/defa … &venid=sym

Panda:

http://www.pandasoftware.com/activescan … IdPais=152

#4

pdaj na forum co znalazł Ci program:

Lsp-fix

podpowiemy Ci co masz usunąć!

#5

Lsp-fiz znalazł:

mswsock.dll TCP/IP

winrnr.dll NTDS

newdotnet6_38.dll Nee.net Name Space Provider

rsvpsp.dll [protocol handler]

Który mam wywalić ??

#6

wywal! !!

Reszta zostaje :slight_smile:

#7

Dziękuję za pomoc:)