Request to check a log


(Adviser1) #1

Please check my log.

Thanks in advance for the help :slight_smile:

Logfile of HijackThis v1.99.1

Scan saved at 20:14:39, on 2005-11-03

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

C:\ASTON\ASTON.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE

C:\PROGRAM FILES\NEOSTRADA TP\CNXMON.EXE

C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE

C:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE

C:\PROGRAM FILES\AUTOCONNECT\AUTOCONNECT.EXE

C:\WINDOWS\PTSNOOP.EXE

C:\WINDOWS\SYSTEM\CMMPU.EXE

C:\PROGRAM FILES\POPTRAY\POPTRAY.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\JETICO\BCWIPE\BCRESIDENT.EXE

C:\WINDOWS\INTEGRATOR.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\OPERA\OPERA.EXE

C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE

C:\PROGRAM FILES\WINRAR\WINRAR.EXE

C:\WINDOWS\TEMP\RAR$EX00.474\HIJACKTHIS.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

F1 - win.ini: load=ptsnoop.exe

F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe

O1 - Hosts: 207.46.198.60 www.microsoft.com

O1 - Hosts: 207.46.250.115 windows.microsoft.com

O1 - Hosts: 64.236.24.28 www.cnn.com

O1 - Hosts: 212.77.100.101 www.wp.pl

O1 - Hosts: 80.15.238.104 www.nasa.gov

O1 - Hosts: 205.180.86.14 media.fastclick.net

O1 - Hosts: 209.11.45.139 web.whenu.com

O1 - Hosts: 213.180.130.203 szukaj.onet.pl

O1 - Hosts: 204.8.221.66 www.skaneronline.mks-vir.pl

O1 - Hosts: 66.102.11.99 pagead2.googlesyndication.com

O1 - Hosts: 217.17.44.207 skaner.mks.com.pl

O1 - Hosts: 217.17.44.208 www.mks-vir.com.pl

O1 - Hosts: 212.113.174.13 www.tvcabo.pt

O1 - Hosts: 66.152.98.202 www.holersoft.net

O1 - Hosts: 207.188.7.44 forms.real.com

O1 - Hosts: 69.59.147.164 www2.ishareit.com

O1 - Hosts: 64.15.205.205 dbbsrv.com

O1 - Hosts: 82.135.148.74 popup.loveseeking.com

O1 - Hosts: 207.97.199.152 www.exactsearchbar.com

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O2 - BHO: (no name) - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - (no file)

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [AVGCtrl] "C:\PROGRA~1\AVPERS~1\AVGCTRL.EXE" /min

O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRAM FILES\NEOSTRADA TP\taskbaricon.exe

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [AstonShellDoctor] shDoctor.exe check

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O4 - HKCU\..\Run: [AutoConnect] C:\PROGRAM FILES\AUTOCONNECT\AUTOCONNECT.EXE

O4 - HKCU\..\Run: [DS Clock] C:\PROGRAM FILES\DS CLOCK\DSCLOCK.EXE

O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe

O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\PROGRAM FILES\FLASHGET\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\PROGRAM FILES\FLASHGET\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O12 - Plugin for .exe: C:\Program Files\Opera\PLUGINS\NPFgc1.dll

====================================

Note: When you paste a log, wrap it in a CODE or QUOTE tag.

I suggest reading THIS topic to see what is asked of users who paste logs.

Regards, kuz5


(Gutek) #2

Boot into safe mode and remove the entries with HijackThis


(Adviser1) #3

Thank you very much for the help

adviser1