Proszę o sprawdzenie loga

IP: *.neoplus.adsl.tpnet.pl 09.02.05, 20:14
Co mam wywalić? A góry dzieki za pomoc

Logfile of HijackThis v1.99.0
Scan saved at 20:13:35, on 2005-02-09
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MKS\Bin\mks_mail.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\CTFMON32.EXE
C:\WINDOWS\System32\CSRSSU.EXE
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\WINDOWS\system32\freecell.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Właściciel\Pulpit\Nowy folder\hijack\HijackThis1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
default.home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
default.home
O2 - BHO: SEDP Class - {3BA765C2-08DB-4fe2-9279-311CA10D582A} -
C:\WINDOWS\sehlp.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MailScanner] C:\Program Files\MKS\Bin\mks_mail.exe
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [taskopen.exe] taskopen.exe
O4 - HKLM\..\Run: [59.tmp] C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\59.tmp.exe 0
10001
O4 - HKLM\..\Run: [AdwareSoft] "C:\Program Files\AdwareSoft\adwsoft.exe" hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [CTFMON32] C:\WINDOWS\System32\CTFMON32.EXE
O4 - HKCU\..\Run: [CSRSSU] C:\WINDOWS\System32\CSRSSU.EXE
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
static.windupdates.com/cab/CDTInc/ie/bridge-c46.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) -
www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O23 - Service: LexBce Server - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program
Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor - Unknown - C:\Program
Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown - C:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe

    • Gość: piecyk gazowy Re: Proszę o sprawdzenie loga IP: *.neoplus.adsl.tpnet.pl 09.02.05, 22:22
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      > default.home
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      > default.home
      > O2 - BHO: SEDP Class - {3BA765C2-08DB-4fe2-9279-311CA10D582A} -
      > C:\WINDOWS\sehlp.dll

      > O4 - HKLM\..\Run: [taskopen.exe] taskopen.exe
      > O4 - HKLM\..\Run: [59.tmp] C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\59.tmp.exe 0
      > 10001
      > O4 - HKLM\..\Run: [AdwareSoft] "C:\Program Files\AdwareSoft\adwsoft.exe" hide

      > O4 - HKCU\..\Run: [CSRSSU] C:\WINDOWS\System32\CSRSSU.EXE
      > O15 - Trusted Zone: *.awmdabest.com
      > O15 - Trusted Zone: *.blazefind.com
      > O15 - Trusted Zone: *.clickspring.net
      > O15 - Trusted Zone: *.crazywinnings.com
      > O15 - Trusted Zone: *.flingstone.com
      > O15 - Trusted Zone: *.frame.crazywinnings.com
      > O15 - Trusted Zone: *.mt-download.com
      > O15 - Trusted Zone: *.my-internet.info
      > O15 - Trusted Zone: *.slotch.com
      > O15 - Trusted Zone: *.static.topconverting.com
      > O15 - Trusted Zone: *.topconverting.com
      > O15 - Trusted Zone: *.windupdates.com
      > O15 - Trusted Zone: *.ysbweb.com
      > O15 - Trusted Zone: *.awmdabest.com (HKLM)
      > O15 - Trusted Zone: *.blazefind.com (HKLM)
      > O15 - Trusted Zone: *.clickspring.net (HKLM)
      > O15 - Trusted Zone: *.crazywinnings.com (HKLM)
      > O15 - Trusted Zone: *.flingstone.com (HKLM)
      > O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
      > O15 - Trusted Zone: *.mt-download.com (HKLM)
      > O15 - Trusted Zone: *.my-internet.info (HKLM)
      > O15 - Trusted Zone: *.slotch.com (HKLM)
      > O15 - Trusted Zone: *.static.topconverting.com (HKLM)
      > O15 - Trusted Zone: *.topconverting.com (HKLM)
      > O15 - Trusted Zone: *.windupdates.com (HKLM)
      > O15 - Trusted Zone: *.ysbweb.com (HKLM)
      > O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
      > static.windupdates.com/cab/CDTInc/ie/bridge-c46.cab
      > O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) -
      > www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab


      www.mvps.org/winhelp2002/DelDomains.inf - po ściągnięciu kliknij na
      pliku PRAWYM przyciskiem myszy i wybierz Zainstaluj.
      • Gość: jb Re: Proszę o sprawdzenie loga IP: *.neoplus.adsl.tpnet.pl 10.02.05, 19:14
        Wielkie dzięki. :-) Troche pomogło.
Pełna wersja