Please check this log


(Bartek107) #1

Hello!

I'm new here and lately I've been having problems with my computer, so I'm turning to you for help, i.e. checking my HijackThis log and advising what needs to be removed and what can stay so that the system runs stably. I also have a question about SP2: how much space does it take, where can I download it, and where does it need to be installed, in the Windows directory or simply on the hard drive?

Logfile of HijackThis v1.99.1

Scan saved at 17:21:05, on 03/08/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\RunDll32.exe

G:\bhp\ZoneAlarm\zlclient.exe

G:\rozne ciekawe\keyboardEx 215\keyboardex_tray.exe

G:\bhp\PestPatrol\PPMemCheck.exe

C:\java\bin\jusched.exe

C:\Program Files\AdTools Service\AdTools.exe

C:\DOCUME~1\Bartek\USTAWI~1\Temp\SAHAGE~1.EXE

C:\Program Files\AdTools Service\AdToolsKeep.exe

G:\komunikacja\gg\gg.exe

C:\WINDOWS\System32\ctfmon.exe

G:\internetowe\GetRight\getright.exe

G:\internetowe\GetRight\getright.exe

C:\program files\internet explorer\iexplore.exe

G:\internetowe\Mozilla firefox\firefox.exe

G:\internetowe\SlimBrowser\sbrowser.exe

G:\bhp\hijack\HijackThis.exe


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - (no file)

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\programy\adobe reader\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {6BA86774-B240-2FCB-8E57-65550FA42918} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Zone Labs Client] "G:\bhp\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM\..\Run: [KeyboardEx] G:\rozne ciekawe\keyboardEx 215\keyboardex_tray.exe

O4 - HKLM\..\Run: [PPMemCheck] "G:\bhp\PestPatrol\PPMemCheck.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\java\bin\jusched.exe

O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe

O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Bartek\USTAWI~1\Temp\SAHAGE~1.EXE run

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /runonce

O4 - HKCU\..\Run: [Gadu-Gadu] "G:\komunikacja\gg\gg.exe" /tray

O4 - HKCU\..\Run: [Zegarynka] E:\zegarynka\Zegarynka.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: GetRight - Tray Icon.lnk = G:\internetowe\GetRight\getright.exe

O4 - Global Startup: Microsoft Office.lnk = G:\programy\office\Office\OSA9.EXE

O8 - Extra context menu item: Download with GetRight - G:\internetowe\GetRight\GRdownload.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - G:\internetowe\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xa.chm::/bridge-c46.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.exe

O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

(boczi) #2

Everything about Service Pack 2: http://www.xp.net.pl

As for the log:

Remove:

C:\Program Files\AdTools Service\AdTools.exe

C:\DOCUME~1\Bartek\USTAWI~1\Temp\SAHAGE~1.EXE

C:\Program Files\AdTools Service\AdToolsKeep.exe

O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - (no file)

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {6BA86774-B240-2FCB-8E57-65550FA42918} - (no file)

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe

O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Bartek\USTAWI~1\Temp\SAHAGE~1.EXE run

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xa.chm::/bridge-c46.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.exe

O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)

Remove them in Safe Mode with System Restore turned off:


(Kuz5) #3

Also remove this:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - (no file)

You can disable CTFMON.EXE: Control Panel => Regional Options => Languages => Details => Advanced => check "turn off advanced text services"
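
An added example, not part of any post in this thread: a Python parser for HijackThis entry lines that flags three patterns visible among the entries marked for removal above (missing target file, autorun launched from a Temp directory, ActiveX download source using `ms-its:`). The heuristics and function names are assumptions of this example, not the responders' stated criteria; the sample lines are copied from the posted log.

```python
import re

# Sample input: six entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\programy\adobe reader\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Bartek\USTAWI~1\Temp\SAHAGE~1.EXE run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xa.chm::/bridge-c46.cab
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
"""

# Entry lines start with a section code such as R0, O2, O16, O23.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse(log_text):
    """Return (section_code, body) for every entry line; skip headers and process paths."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def review_reasons(code, body):
    """Assumed heuristics: reasons to look at an entry by hand, not a removal verdict."""
    low = body.lower()
    reasons = []
    if low.endswith("(no file)") or low.endswith("(file missing)"):
        reasons.append("orphaned: registered target file is missing")
    if code == "O4" and "\\temp\\" in low:
        reasons.append("autorun launches an executable from a Temp directory")
    if code == "O16" and "ms-its:" in low:
        reasons.append("ActiveX download source is not a plain HTTP URL")
    return reasons


def triage(log_text):
    """Return (code, body, reasons) for entries that matched at least one heuristic."""
    return [(c, b, r) for c, b in parse(log_text) if (r := review_reasons(c, b))]


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {'; '.join(reasons)}")
```

Entries such as the AdTools autorun match none of these patterns, so a clean result from this filter does not clear a log.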