Spr loga

Dla specjalistów Bezpieczeństwo
#1

Witam

Będę wdzięczny za sprawdzenie loga.

Z góry dzięki.

Logfile of HijackThis v1.99.0

Scan saved at 20:25:21, on 2005-03-01

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\explorer.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\ASUS\Probe\AsusProb.exe

C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe

C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

D:\KerioPersonalFirewall\Personal Firewall 4\kpf4ss.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

D:\KerioPersonalFirewall\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

D:\KerioPersonalFirewall\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\Instalki\Sprawdzenie LOG.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=explorer.exe

O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - D:\iMesh5\iMeshBHO.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\FLASHGET\fgiebar.dll

O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM…\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKLM…\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe

O4 - HKLM…\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE

O4 - HKLM…\Run: [AVK Mail Checker] “C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE”

O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - D:\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - D:\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FLASHGET\flashget.exe

O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FLASHGET\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 3710672139

O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Kerio Personal Firewall 4 - Kerio Technologies - D:\KerioPersonalFirewall\Personal Firewall 4\kpf4ss.exe

O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - D:\TuneUp\WinStylerThemeSvc.exe

#2

O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - D:\iMesh5\iMeshBHO.dll

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

#3

Jeżeli nie używasz Windows Messenger to go usuń:

Start=>Uruchom=>Wpisz polecenie

RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove

Lub programem Xp-AntiSpy PL

Start=>Uruchom=>Wpisz polecenie msconfig=>Zakładka Uruchamianie i odchacz:

NeroCheck

#4

kosmetyka ,ale to tez mozesz wywalic:

Start > programy > autostart /i usuwasz/ Microsoft Office

#5

To jest szpiegus od Imesha jego skasowanie jest niezgodne z licencją używania programu. I tak po jego wykasowaniu prawdopodobnie nie uruchomisz tego programu.