Proszę o sprawdzenia loga HijackThis

Dla specjalistów Bezpieczeństwo
#1

oto log:

Logfile of HijackThis v1.99.0

Scan saved at 18:17:21, on 2005-02-07

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\MKS\Bin\mks_menu.exe

C:\Program Files\MKS\Bin\ABregmon.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\System32\??rvices.exe

C:\Program Files\Realtek\Rtl8180\RtlWake.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\Samurize\SamurizeServer.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\MKS\Bin\NetMonSV.exe

C:\Program Files\MKS\Bin\mksmonsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MKS\Bin\mks_scan.exe

C:\DOCUME~1\Lewicki\USTAWI~1\Temp\Rar$EX00.626\AboutBuster\AboutBuster.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\FlashGet\flashget.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Lewicki\USTAWI~1\Temp\Rar$EX00.546\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Lewicki\USTAWI~1\Temp\sp.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Lewicki\USTAWI~1\Temp\sp.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\SYSTEM\OOBE\BLANK.HTM

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\SYSTEM\OOBE\BLANK.HTM

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.233.192.197:443

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

F3 - REG:win.ini: load=C:\YDPDict\watch.exe

O2 - BHO: (no name) - {31F39EB5-3DBF-4D92-94B6-5223834AA55C} - C:\WINDOWS\System32\adih.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe

O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Phiodhl] C:\WINDOWS\System32\??rvices.exe

O4 - Startup: Server Default.lnk = C:\Program Files\Samurize\SamurizeServer.exe

O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Lewicki\Ustawienia lokalne\Temp\{E9D9F4D6-0281-41B6-8BD7-743B0FCEDD04}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RtlWake.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll

O15 - Trusted IP range: 213.159.117.202

O15 - Trusted IP range: 213.159.117.202 (HKLM)

O17 - HKLM\System\CCS\Services\Tcpip\..\{63946E90-B752-43EF-8127-C45E67354C1E}: NameServer = 69.50.188.180,195.225.176.31

O17 - HKLM\System\CCS\Services\Tcpip\..\{84ABE32A-1EBE-4FF4-AB53-CB3D91EA48D7}: NameServer = 69.50.188.180,195.225.176.31

O18 - Filter: text/html - {A6FF053F-862E-4CE3-A55F-5F44D7D2312C} - C:\WINDOWS\System32\adih.dll

O18 - Filter: text/plain - {A6FF053F-862E-4CE3-A55F-5F44D7D2312C} - C:\WINDOWS\System32\adih.dll

O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - (no file)

O23 - Service: ArcaBit NetMonitor - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe

O23 - Service: InCD Helper - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe

O23 - Service: MkS_Vir Monitor - Unknown - C:\Program Files\MKS\Bin\mksmonsv.exe

O23 - Service: MkS_Scan - Unknown - C:\Program Files\MKS\Bin\mks_scan.exe

O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Napewno wiele rzeczy się znajdzie bo system mi się sypie :? .

#2

Usun w trybie awarynjym:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Lewicki\USTAWI~1\Temp\sp.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Lewicki\USTAWI~1\Temp\sp.dll/sp.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\SYSTEM\OOBE\BLANK.HTM

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\SYSTEM\OOBE\BLANK.HTM

O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll

O15 - Trusted IP range: 213.159.117.202 (HKLM)

O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll

I mam watpliwosc co do:O4 - HKCU…\Run: [Phiodhl] C:\WINDOWS\System32??rvices.exe

Zainstaluj SP :slight_smile:

#3

masz Flashget`a. Dodam że on instaluje szpiega Cydoor. :?