Proszę o sprawdzenie loga

Gość: exon IP: *.neoplus.adsl.tpnet.pl 02.01.06, 16:18

Logfile of HijackThis v1.99.0
Scan saved at 15:09:55, on 02-01-2006
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Delux\PS2 Keyboard English Edition 2.0\kb_2k.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\BANKBPH\MCCWIN\PRG\ZBASE32.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\Muzyka\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.neostrada.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
TP
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Trans] C:\PROGRA~1\Trans\Trans.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -
FastScan
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft
ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: PS2 Keyboard English Edition 2.0.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Otwórz w przeglądarce GetRight - C:\Program
Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Pobierz za pomocą GetRight - C:\Program
Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Utwórz Ulubione dla urządzenia przenośnego - {2EAF5BB1-
070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft
ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft
ActiveSync\inetrepl.dll
O12 - Plugin for .mpg: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O13 - WWW. Prefix: ehttp.cc/?
O15 - Trusted Zone: *.63.219.181.7
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-
its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program
Files\Q330994.exe
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} -
www.netvenda.com/sites/games-intl/pl/games4.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) -
www.bph.pl/pi/components/SignActivX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C3F7213-166F-4EEB-AB30-
CFDC679184FA}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\..\{98DD5CD8-CA9D-4518-AF59-
D203EBDBB447}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS1\Services\Tcpip\..\{6C3F7213-166F-4EEB-AB30-
CFDC679184FA}: NameServer = 194.204.152.34 217.98.63.164
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program
Files\HP\hpcoretech\comp\hpuiprot.dll
O20 - AppInit_DLLs: msvsres.dll
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program
Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Obserwuj wątek

Gość: exon Re: Proszę o sprawdzenie loga IP: *.neoplus.adsl.tpnet.pl 02.01.06, 18:31

jeszcze jeden log z nowszego hijacka:

Logfile of HijackThis v1.99.1
Scan saved at 18:29:36, on 02-01-2006
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Trans\Trans.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Delux\PS2 Keyboard English Edition 2.0\kb_2k.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\TEMP\Rar$EX00.172\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.neostrada.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Trans] C:\PROGRA~1\Trans\Trans.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft
ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: PS2 Keyboard English Edition 2.0.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Otwórz w przeglądarce GetRight - C:\Program
Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Pobierz za pomocą GetRight - C:\Program
Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Utwórz Ulubione dla urządzenia przenośnego - {2EAF5BB1-070F-
11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft
ActiveSync\inetrepl.dll
O12 - Plugin for .mpg: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) -
arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) -
www.bph.pl/pi/components/SignActivX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C3F7213-166F-4EEB-AB30-CFDC679184FA}:
NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{6C3F7213-166F-4EEB-AB30-CFDC679184FA}:
NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Drzewko
Od najstarszego
Od najnowszego

Gość: k Re: Proszę o sprawdzenie loga IP: *.warszawa.sdi.tpnet.pl 02.01.06, 16:36

Stary hijackthis!

Usun w hijackthis:
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [Trans] C:\PROGRA~1\Trans\Trans.exe <- jezeli wiesz co to jest to zostaw, jezeli nie to usun katalog trans
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -
FastScan <- odinstaluj
O13 - WWW. Prefix: ehttp.cc/?
O15 - Trusted Zone: *.63.219.181.7
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-
its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program
Files\Q330994.exe
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} -
www.netvenda.com/sites/games-intl/pl/games4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{98DD5CD8-CA9D-4518-AF59-
D203EBDBB447}: NameServer = 69.50.166.94,69.31.80.244
O20 - AppInit_DLLs: msvsres.dll <- usun plik z dysku

Przeskanuj tym:
www.webroot.com/shoppingcart/tryme.php?bjpc=64011&vcode=DT02&WRSID=fa418c3f36c473de8c7d2176ac7ada66 <- zrob update przed skanowaniem, po przeskanowaniu odinstaluj.
download.ewido.net/ewido-setup.exe <- zrob update przed skanowaniem, po przeskanowaniu odinstaluj.
Zamknij porty w wwdc:
www.firewallleaktester.com/tools/wwdc.exe
Po wszystkim wklej nowy log z nowej wersji hijackthis.
- Gość: exon Re: Proszę o sprawdzenie loga IP: *.neoplus.adsl.tpnet.pl 02.01.06, 18:25
  
  dzięki za wskazówki, zrobiłem wszystko i teraz wygląda to tak:
  Logfile of HijackThis v1.99.0
  Scan saved at 18:22:00, on 02-01-2006
  Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  C:\Program Files\Alwil Software\Avast4\ashServ.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\SOUNDMAN.EXE
  C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
  C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
  C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  C:\PROGRA~1\Trans\Trans.exe
  C:\Program Files\Winamp\winampa.exe
  C:\Program Files\Gadu-Gadu\gg.exe
  C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  C:\Program Files\Delux\PS2 Keyboard English Edition 2.0\kb_2k.exe
  C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
  C:\WINDOWS\system32\HPZipm12.exe
  C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
  C:\PROGRA~1\NEOSTR~1\ComComp.exe
  C:\PROGRA~1\NEOSTR~1\Watch.exe
  C:\Program Files\Outlook Express\msimn.exe
  C:\Downloads\Muzyka\HijackThis.exe
  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
  www.neostrada.pl/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
  R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
  C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
  C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
  c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
  files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
  O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
  atboottime
  O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
  O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
  Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
  O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
  O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
  Files\HP\hpcoretech\hpcmpmgr.exe"
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software
  Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [Trans] C:\PROGRA~1\Trans\Trans.exe
  O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
  O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft
  ActiveSync\WCESCOMM.EXE"
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
  Files\HP\Digital Imaging\bin\hpqtra08.exe
  O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program
  Files\HP\Digital Imaging\bin\hpqthb08.exe
  O4 - Global Startup: PS2 Keyboard English Edition 2.0.lnk = ?
  O8 - Extra context menu item: &Google Search - res://C:\Program
  Files\Google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://C:\Program
  Files\Google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://C:\Program
  Files\Google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program
  Files\Google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Otwórz w przeglądarce GetRight - C:\Program
  Files\GetRight\GRbrowse.htm
  O8 - Extra context menu item: Pobierz za pomocą GetRight - C:\Program
  Files\GetRight\GRdownload.htm
  O8 - Extra context menu item: Similar Pages - res://C:\Program
  Files\Google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://C:\Program
  Files\Google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} -
  C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-
  00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra button: Utwórz Ulubione dla urządzenia przenośnego - {2EAF5BB1-070F-
  11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
  C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... -
  {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft
  ActiveSync\inetrepl.dll
  O12 - Plugin for .mpg: C:\Program Files\Internet
  Explorer\PLUGINS\npqtplugin3.dll
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) -
  arcaonline.arcabit.com/ArcaOnline.cab
  O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) -
  www.bph.pl/pi/components/SignActivX.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{6C3F7213-166F-4EEB-AB30-CFDC679184FA}:
  NameServer = 194.204.152.34 217.98.63.164
  O17 - HKLM\System\CS1\Services\Tcpip\..\{6C3F7213-166F-4EEB-AB30-CFDC679184FA}:
  NameServer = 194.204.152.34 217.98.63.164
  O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program
  Files\HP\hpcoretech\comp\hpuiprot.dll
  O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil
  Software\Avast4\aswUpdSv.exe
  O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil
  Software\Avast4\ashServ.exe
  O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil
  Software\Avast4\ashMaiSv.exe
  O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil
  Software\Avast4\ashWebSv.exe
  O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program
  Files\iPod\bin\iPodService.exe
  O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation -
  C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  - Gość: k Re: Proszę o sprawdzenie loga IP: *.warszawa.sdi.tpnet.pl 02.01.06, 18:32
    
    Przeciez prosilem o nowy log z NOWEJ wersji hijackthis wiec czemu wklejasz znowu z tej samej?!
    
    Widze, ze to zostawiles:
    O4 - HKLM\..\Run: [Trans] C:\PROGRA~1\Trans\Trans.exe
    Co to za program? Moze cos do tarnsparentnych okienek? :>
    
    Wywal aplikacje od neostrady:
    forum.gazeta.pl/forum/72,2.html?f=34&w=15679891&a=15680440
    - Gość: exon Re: Proszę o sprawdzenie loga IP: *.neoplus.adsl.tpnet.pl 02.01.06, 18:36
      
      trans jest programem ogólnopolskiej giełdy transportowej, jest to komunikator
      podobny do gadu i jestem przekonany że jest ok.
      Nowego loga już wysłałem
- Gość: exon Re: Proszę o sprawdzenie loga IP: *.neoplus.adsl.tpnet.pl 02.01.06, 18:31
  
  jeszcze jeden log z nowszego hijacka:
  
  Logfile of HijackThis v1.99.1
  Scan saved at 18:29:36, on 02-01-2006
  Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  C:\Program Files\Alwil Software\Avast4\ashServ.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\SOUNDMAN.EXE
  C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
  C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
  C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  C:\PROGRA~1\Trans\Trans.exe
  C:\Program Files\Winamp\winampa.exe
  C:\Program Files\Gadu-Gadu\gg.exe
  C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  C:\Program Files\Delux\PS2 Keyboard English Edition 2.0\kb_2k.exe
  C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
  C:\WINDOWS\system32\HPZipm12.exe
  C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
  C:\PROGRA~1\NEOSTR~1\ComComp.exe
  C:\PROGRA~1\NEOSTR~1\Watch.exe
  C:\Program Files\Outlook Express\msimn.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\WinRAR\WinRAR.exe
  C:\WINDOWS\TEMP\Rar$EX00.172\HijackThis.exe
  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
  www.neostrada.pl/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
  R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
  C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
  C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
  c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
  files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
  O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
  atboottime
  O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
  O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
  Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
  O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
  O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
  Files\HP\hpcoretech\hpcmpmgr.exe"
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software
  Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [Trans] C:\PROGRA~1\Trans\Trans.exe
  O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
  O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft
  ActiveSync\WCESCOMM.EXE"
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
  Files\HP\Digital Imaging\bin\hpqtra08.exe
  O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program
  Files\HP\Digital Imaging\bin\hpqthb08.exe
  O4 - Global Startup: PS2 Keyboard English Edition 2.0.lnk = ?
  O8 - Extra context menu item: &Google Search - res://C:\Program
  Files\Google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://C:\Program
  Files\Google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://C:\Program
  Files\Google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program
  Files\Google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Otwórz w przeglądarce GetRight - C:\Program
  Files\GetRight\GRbrowse.htm
  O8 - Extra context menu item: Pobierz za pomocą GetRight - C:\Program
  Files\GetRight\GRdownload.htm
  O8 - Extra context menu item: Similar Pages - res://C:\Program
  Files\Google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://C:\Program
  Files\Google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} -
  C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-
  00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra button: Utwórz Ulubione dla urządzenia przenośnego - {2EAF5BB1-070F-
  11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
  C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... -
  {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft
  ActiveSync\inetrepl.dll
  O12 - Plugin for .mpg: C:\Program Files\Internet
  Explorer\PLUGINS\npqtplugin3.dll
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) -
  arcaonline.arcabit.com/ArcaOnline.cab
  O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) -
  www.bph.pl/pi/components/SignActivX.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{6C3F7213-166F-4EEB-AB30-CFDC679184FA}:
  NameServer = 194.204.152.34 217.98.63.164
  O17 - HKLM\System\CS1\Services\Tcpip\..\{6C3F7213-166F-4EEB-AB30-CFDC679184FA}:
  NameServer = 194.204.152.34 217.98.63.164
  O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
  O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
  C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
  Software\Avast4\ashServ.exe
  O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
  Software\Avast4\ashMaiSv.exe" /service (file missing)
  O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
  Software\Avast4\ashWebSv.exe" /service (file missing)
  O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program
  Files\iPod\bin\iPodService.exe
  O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
  C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  - Gość: k Re: Proszę o sprawdzenie loga IP: *.warszawa.sdi.tpnet.pl 02.01.06, 18:39
    
    To mozesz wywalic:
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    - Gość: exon Re: Proszę o sprawdzenie loga IP: *.neoplus.adsl.tpnet.pl 02.01.06, 18:48
      
      to już wywaliłem, wszystko mi działa poza outlook expresem - nie widać folderów
      i wiadomości.
      - Gość: k Re: Proszę o sprawdzenie loga IP: *.warszawa.sdi.tpnet.pl 02.01.06, 19:00
        
        Z OE Ci nie pomoge bo go nie uzywam, nie uzywalem i nie bede uzywal :>
        Moze pomysl o zmianie czytnika na jakis inny :-)
        
        Gość: exon Re: Proszę o sprawdzenie loga IP: *.neoplus.adsl.tpnet.pl 02.01.06, 19:06
        
        OK już mi wszystko chodzi - dzięki wielkie za pomoc
        Pozdrawiam

Najnowsze z forum Wirusy, trojany, spyware

Zaloguj się