Please check the LOG


(system) #1

Please check it when you have some free time :slight_smile:

I think it's quite a mess :twisted:

Logfile of HijackThis v1.99.1

Scan saved at 08:26:59, on 2005-10-13

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\DRIVERS\CDANTSRV.EXE

C:\WINNT\System32\cisvc.exe

C:\Program Files\NavNT\defwatch.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\snmp.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\inetsrv\inetinfo.exe

C:\WINNT\system32\CCM\CcmExec.exe

C:\WINNT\Explorer.EXE

C:\Program Files\KYE\WebScroll+ Eye Mouse\gnetmous.exe

C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

C:\Program Files\Outlook Express\msimn.exe

C:\WINNT\explorer.exe

C:\Program Files\AutoCAD 2002 Plk\acad.exe

C:\WINNT\CDILLA64.EXE

C:\WINNT\System32\cidaemon.exe

C:\WINNT\System32\cidaemon.exe

D:\Michal\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://info/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://popnav.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program Microsoft Internet Explorer dostarczony przez Nomi S.A.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.nomi.com.pl:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.pli.pl;ifs;ksiega;info;;

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

O2 - BHO: MyTotalSearch Search Assistant BHO - {00BD2861-C654-4694-A44A-98642D73247D} - C:\Program Files\MyTotalSearch\SrchAstt\1.bin\MTSSRCAS.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: mtsBar BHO - {094176F1-BF35-4bcb-B68A-108DFB8C3825} - C:\Program Files\MyTotalSearch\bar\1.bin\MTSBAR.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: My &Total Search - {094176F9-BF35-4bcb-B68A-108DFB8C3825} - C:\Program Files\MyTotalSearch\bar\1.bin\MTSBAR.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\KYE\WebScroll+ Eye Mouse\gnetmous.exe

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM

O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min

O8 - Extra context menu item: &Search - http://bar.mytotalsearch.com/menusearch.html?p=VNxmk14246US

O16 - DPF: ING Bank Online - https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab

O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - http://pointa.autodesk.com/portal/lang/plk/InstFred.Ocx

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg2.ocx

O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/lang/neutral/SysVerChk.ocx

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday) - file://C:\Program Files\AutoCAD 2002 Plk\AcDcToday.ocx

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O16 - DPF: {A67BA5E3-5B79-11D6-A711-00C12601EADE} - http://lizaczki.sex.pl//d/nastolatki_v1a.exe

O16 - DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - http://pointa.autodesk.com/portal/lang/plk/InstBanr.Ocx

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002 Plk\AcPreview.ocx

O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/update.CAB

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pli.pl

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA91F35C-E62D-4141-872A-FF35430FFFD2}: Domain = pli.pl

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA91F35C-E62D-4141-872A-FF35430FFFD2}: NameServer = 100.1.1.3,217.96.127.3

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pli.pl

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pli.pl

O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe

O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

O23 - Service: SMS Hardware Inventory Agent Service - Unknown owner - C:\WINNT\MS\SMS\clicomp\hinv\hinv32.exe (file missing)
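
As an added triage example (not part of this thread and not HijackThis' own code), the script below applies a few simple heuristics to HijackThis entries of the kind posted above: O16 DPF objects that download an executable, come from a bare IP address, or arrive over plain HTTP from a host the owner does not recognise; R0/R1 start-page and search values; every O2 BHO and O20 Winlogon Notify DLL, so each can be looked up; and O23 services whose binary is missing. The rule set, the severity labels and the trusted-host allowlist (here only the bank host that appears in the log) are my assumptions; the sample input is a constructed subset of the log. It marks entries for a human to look up, it does not decide what is malware.

```python
"""Heuristic triage of HijackThis log entries (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample: a subset of the entries from the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://popnav.com
R3 - Default URLSearchHook is missing
O2 - BHO: MyTotalSearch Search Assistant BHO - {00BD2861-C654-4694-A44A-98642D73247D} - C:\Program Files\MyTotalSearch\SrchAstt\1.bin\MTSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O16 - DPF: ING Bank Online - https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 - DPF: {A67BA5E3-5B79-11D6-A711-00C12601EADE} - http://lizaczki.sex.pl//d/nastolatki_v1a.exe
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/update.CAB
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday) - file://C:\Program Files\AutoCAD 2002 Plk\AcDcToday.ocx
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: SMS Hardware Inventory Agent Service - Unknown owner - C:\WINNT\MS\SMS\clicomp\hinv\hinv32.exe (file missing)
"""

HIGH, MEDIUM, REVIEW = "high", "medium", "review"  # assumed severity scale

@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O16"
    severity: str  # HIGH, MEDIUM or REVIEW
    reason: str
    line: str

def _is_ip(host: str) -> bool:
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def _check_dpf(line, trusted):
    """O16: an ActiveX object IE fetched from a URL. Locally installed file://
    objects are skipped; downloads are rated by what they are and where from."""
    u = urlparse(line.rsplit(" - ", 1)[-1].strip())
    if u.scheme == "file":
        return None
    host = (u.hostname or "").lower()
    if u.path.lower().endswith(".exe"):
        return Finding("O16", HIGH, f"DPF points at an executable on {host}", line)
    if _is_ip(host):
        return Finding("O16", MEDIUM, f"DPF served from a bare IP address {host}", line)
    if host in trusted:
        return None
    level = MEDIUM if u.scheme != "https" else REVIEW
    return Finding("O16", level, f"{u.scheme} DPF from unrecognised host {host}", line)

def _check_start_page(line, trusted):
    """R0/R1 start-page and search values pointing at a host the owner did not set."""
    value = line.split("=", 1)[1].strip()
    if not value:
        return None
    host = (urlparse(value).hostname or "").lower()
    if host in trusted:
        return None
    return Finding(line[:2], REVIEW, f"browser setting points at {host or value}", line)

def _check_bho(line):
    """O2: every BHO is listed with its CLSID and path so it can be looked up."""
    m = re.match(r"O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-F-]+)\} - (?P<path>.*)$", line, re.I)
    if not m:
        return Finding("O2", REVIEW, "unparseable BHO entry", line)
    return Finding("O2", REVIEW, f"BHO {m['name']!r} ({m['clsid']}) loads {m['path']}", line)

def triage(lines, trusted_hosts=()):
    """Return one Finding for each entry worth a second look."""
    trusted = {h.lower() for h in trusted_hosts}
    findings = []
    for raw in lines:
        line = raw.strip()
        f = None
        if line.startswith("O16 - DPF:"):
            f = _check_dpf(line, trusted)
        elif line[:2] in ("R0", "R1") and "=" in line and ("Start Page" in line or "Search" in line):
            f = _check_start_page(line, trusted)
        elif line.startswith("R3 -") and "missing" in line:
            f = Finding("R3", REVIEW, "default URLSearchHook missing", line)
        elif line.startswith("O2 - BHO:"):
            f = _check_bho(line)
        elif line.startswith("O20 - Winlogon Notify:"):
            f = Finding("O20", REVIEW, "DLL loaded by winlogon at logon", line)
        elif line.startswith("O23 - Service:") and "(file missing)" in line:
            f = Finding("O23", MEDIUM, "service binary missing; stop and disable the service", line)
        if f is not None:
            findings.append(f)
    return findings

if __name__ == "__main__":
    # Assumption: the owner recognises the bank host from the log, nothing else.
    for f in triage(SAMPLE_LOG.splitlines(), trusted_hosts={"ssl.bsk.com.pl"}):
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
```

To run it over a saved log instead of the embedded sample, pass `open(path, encoding="cp1250").read().splitlines()` to `triage()` (HijackThis on a Polish Windows 2000 writes the log in the system code page). Anything rated `high` or `medium` is a candidate for the "delete the file, then fix the entry in HijackThis, in Safe Mode" routine the thread describes; `review` entries only mean "look the CLSID or path up before deciding".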

(Kuz5) #2

Remove: (you do all of this in Safe Mode, of course)

Delete the files marked in red from the disk manually

Do you know this:


(system) #3

unfortunately I don't :frowning:

and of course I delete everything in HijackThis?


(Kuz5) #4

Hmm, it's definitely nothing dangerous

http://www.bleepingcomputer.com/filedb/ … 33468.html

Start => Run => type services.msc => stop and disable the SMS Hardware Inventory Agent Service

Yes

You delete the files marked in red and then the entries in HijackThis