
Please check my log

IP: *.internetdsl.tpnet.pl 05.12.05, 18:57
Logfile of HijackThis v1.99.1
Scan saved at 18:50:28, on 2005-12-05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tp4mon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\MMTrayLSI.exe
C:\WINDOWS\System32\MMTray2k.exe
C:\WINDOWS\System32\MMTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.gazeta.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = semi.lokalna
O17 - HKLM\Software\..\Telephony: DomainName = semi.lokalna
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3C8364E-ECA3-4675-B2D7-675D46F81B60}: NameServer = 194.204.159.1,194.204.152.34
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE


I would be grateful for help and for pointing out what needs to be removed.
    • Guest: k Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 05.12.05, 19:34
      Switch your browser to Opera, and close the ports in wwdc.exe (you'll find it on Google).

      In HijackThis, remove:

      O4 - HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe <- delete the file from disk
      O4 - HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
      O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe" <- delete the file from disk.

      And also run a scan with this:
      download.ewido.net/ewido-setup.exe <- update it before scanning; after the
      scan, uninstall it.
      • Guest: Agata Re: Please check my log IP: *.internetdsl.tpnet.pl 06.12.05, 22:53
        Thank you very much for the help. K, whoever you are, you are doing great work here.
        I have already 'cleaned up' quite a lot, and Avast is not howling so much anymore. I
        still have to change the browser and close the ports. But before I do that, I am
        intrigued and worried by a small icon on the right side of the taskbar that was not
        there before. It is a little envelope with a small blue ball, and when you hover the
        cursor over it, it shows website addresses(?) or something of that kind:
        mx.frontiernet.net, ms2.acns.fsu.edu and many more like that. How do I get rid of it?
            • Guest: agata Re: Please check my log IP: *.internetdsl.tpnet.pl 07.12.05, 16:52
              Here is my log, made when the icon appeared. Of course, for now I am still using
              IE; I want to clean everything up first.


              Logfile of HijackThis v1.99.1
              Scan saved at 16:45:34, on 2005-12-07
              Platform: Windows XP (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 (6.00.2600.0000)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\System32\ibmpmsvc.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\System32\tp4mon.exe
              C:\WINDOWS\System32\RunDll32.exe
              C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
              C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
              C:\WINDOWS\System32\MMTrayLSI.exe
              C:\WINDOWS\System32\MMTray2k.exe
              C:\WINDOWS\System32\MMTray.exe
              C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
              C:\WINDOWS\System32\ctfmon.exe
              C:\Program Files\Messenger\msmsgs.exe
              C:\Program Files\Gadu-Gadu\gg.exe
              C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
              C:\Program Files\Alwil Software\Avast4\ashServ.exe
              C:\WINDOWS\System32\QCONSVC.EXE
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
              C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
              C:\Hijack\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.gazeta.pl/
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
              O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
              O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
              O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
              O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
              O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
              O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
              O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
              O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
              O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
              O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
              O4 - HKLM\..\Run: [MMTray] MMTray.exe
              O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
              O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
              O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
              O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
              O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
              O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
              O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
              O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
              O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
              O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
              O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = semi.lokalna
              O17 - HKLM\Software\..\Telephony: DomainName = semi.lokalna
              O17 - HKLM\System\CCS\Services\Tcpip\..\{D3C8364E-ECA3-4675-B2D7-675D46F81B60}: NameServer = 194.204.159.1,194.204.152.34
              O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\System32\msctl32.dll
              O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
              O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
              O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
              O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
              O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
              O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
              O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
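
Comparing two scans of the same machine shows which autostart entries appeared or disappeared between them. The following is an added example, not part of the thread: it rejoins the hard-wrapped entry lines common in forum-pasted HijackThis logs and diffs two scans. The sample text is a shortened excerpt constructed from the two logs in this thread, and the function names are hypothetical.

```python
import re

# Entry lines begin with a HijackThis section code: R0-R3, N1-N4, F0-F3, O1-O24.
ENTRY = re.compile(r"^(?:R[0-3]|N[1-4]|F[0-3]|O\d{1,2}) - ")

def parse_entries(log_text):
    """Map casefolded entry -> entry as written, rejoining hard-wrapped lines."""
    entries, current = {}, None
    for raw in log_text.splitlines() + [""]:   # trailing "" flushes the last entry
        line = raw.strip()
        if ENTRY.match(line) or not line:
            if current:
                entries[current.casefold()] = current
            current = line or None
        elif current is not None:
            # Heuristic: a break inside a path ("\" comes first) or inside a GUID
            # (bare "-" comes last) had no space; any other break replaced a space.
            glued = line.startswith("\\") or (
                current.endswith("-") and not current.endswith(" -"))
            current += line if glued else " " + line
    return entries

def diff_logs(before_text, after_text):
    """Return (added, removed) entries between two scans of the same machine."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    added = [after[k] for k in sorted(after.keys() - before.keys())]
    removed = [before[k] for k in sorted(before.keys() - after.keys())]
    return added, removed

# Constructed sample: shortened excerpts of the two scans, wrapped as in a forum post.
SCAN_1 = r"""O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1
\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web
Folders\ibm00001.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3C8364E-ECA3-4675-B2D7-
675D46F81B60}: NameServer = 194.204.159.1,194.204.152.34
"""
SCAN_2 = r"""O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1
\pwrmonit.dll,StartPwrMonitor
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3C8364E-ECA3-4675-B2D7-675D46F81B60}:
NameServer = 194.204.159.1,194.204.152.34
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\System32\msctl32.dll
"""

if __name__ == "__main__":
    for label, items in zip(("added", "removed"), diff_logs(SCAN_1, SCAN_2)):
        print(label, *items, sep="\n  ")
```

An entry in the added list is a change to examine, not a verdict on the file it names.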
