Prosba o sprawdzenie loga

IP: *.neoplus.adsl.tpnet.pl 06.02.06, 22:57
Logfile of HijackThis v1.98.2
Scan saved at 22:08:57, on 2006-02-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\rafa\Pulpit\HijackThis.exe

O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKCU\..\Run: [Anty_16BitNT Automatyczna Ochrona]
C:\WINDOWS\Anty_16BitNT.exe AO
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program
Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend
Micro\Tmas\Tmas.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDD99BCE-8E80-458B-9430-
D2A379512A7B}: NameServer = 85.255.114.46 85.255.112.210

    • kolobos Re: Prosba o sprawdzenie loga 07.02.06, 00:51
      Wklej nowy log z NOWEGO hijackthis.
    • Gość: andy Re: Prosba o sprawdzenie loga IP: *.neoplus.adsl.tpnet.pl 07.02.06, 01:08
      Logfile of Browser Hijack Recover(BHR) v2.3
      www.browser-hijack.com/
      Log created on 2006-02-07 01:01:02
      Microsoft Windows XP Professional Dodatek Service Pack 2 (Build 2600)
      Internet Explorer v6.0.2900.2180 Update Versions: ;SP2;

      [Process Manager] - [Process]
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\PROGRA~1\NEOSTR~1\CnxMon.exe
      C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Trend Micro\Tmas\Tmas.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\Maxthon\Maxthon.exe
      C:\Program Files\Browser Hijack Recover\bhr.exe

      [IE Options] - [Normal]
      R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Start Page =
      about:blank
      R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet
      Explorer\Main,Default_Page_URL =
      R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Window Title =
      R1 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Search Page =

      [IE Options] - [IE Menu]

      [IE Options] - [Internet Options]

      [IE Options] - [IE Search Hooks]
      R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-
      00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll

      [IE Add-Ons] - [Toolbars]

      [IE Add-Ons] - [Explorer Bars]

      [IE Add-Ons] - [Context Menu]

      [IE Add-Ons] - [BHOs]
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

      [IE Add-Ons] - [Tools Menu]

      [IE Add-Ons] - [Tools Button]

      [System Options]

      [StartUp]
      04 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
      Anty_16BitNT Automatyczna Ochrona = C:\WINDOWS\Anty_16BitNT.exe AO
      04 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Gadu-Gadu
      = C:\Program Files\Gadu-Gadu\gg.exe" /tray
      04 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Skype =
      C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
      NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
      04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run InCD =
      C:\Program Files\Ahead\InCD\InCD.exe
      04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run avast! =
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run WooCnxMon
      = C:\PROGRA~1\NEOSTR~1\CnxMon.exe
      04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
      SpeedTouch USB Diagnostics = C:\Program Files\Thomson\SpeedTouch
      USB\Dragdiag.exe" /icon
      04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run WOOWATCH
      = C:\PROGRA~1\NEOSTR~1\Watch.exe
      04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run WOOWATCH
      = C:\PROGRA~1\NEOSTR~1\Watch.exe
      O4 - C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe
      Gamma Loader.exe.lnk = C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
      O4 - C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Trend
      Micro Anti-Spyware.lnk = C:\PROGRA~1\TRENDM~1\Tmas\Tmas.exe

      • kolobos Re: Prosba o sprawdzenie loga 07.02.06, 01:17
        hm czego nie rozumiesz w zdaniu: "Wklej nowy log z nowego hijackthis?" ?
        Masz sciagnac NOWA wersje hijackthis:
        www.google.pl/search?ie=UTF-8&oe=UTF-8&q=hijackthis
        I wkleic nowy log, a nie sciagac "Browser Hijack Recover" i wklejac log.
      • Gość: andy Re: Prosba o sprawdzenie loga IP: *.neoplus.adsl.tpnet.pl 07.02.06, 01:26
        Przepraszam za niedopatrzenie mysle ze teraz bedzie wszystko ok
        a gory dziekuje za jakiekolwiek porady



        Logfile of HijackThis v1.99.1
        Scan saved at 01:24:29, on 2006-02-07
        Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Ahead\InCD\InCDsrv.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
        C:\Program Files\Ahead\InCD\InCD.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\PROGRA~1\NEOSTR~1\CnxMon.exe
        C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\Program Files\Trend Micro\Tmas\Tmas.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\WINDOWS\System32\alg.exe
        C:\WINDOWS\system32\wbem\wmiapsrv.exe
        C:\Program Files\Maxthon\Maxthon.exe
        C:\Program Files\Browser Hijack Recover\bhr.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\Documents and Settings\rafa\Pulpit\Nowy folder\HijackThis.exe

        O1 - Hosts: localhost 127.0.0.1
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
        O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
        Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
        O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
        O4 - HKCU\..\Run: [Anty_16BitNT Automatyczna Ochrona]
        C:\WINDOWS\Anty_16BitNT.exe AO
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
        O4 - HKCU\..\Run: [Skype] "C:\Program
        Files\Skype\Phone\Skype.exe" /nosplash /minimized
        O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
        Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend
        Micro\Tmas\Tmas.exe
        O17 - HKLM\System\CCS\Services\Tcpip\..\{BDD99BCE-8E80-458B-9430-D2A379512A7B}:
        NameServer = 85.255.114.46 85.255.112.210
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON
        CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
        O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program
        Files\Ahead\InCD\InCDsrv.exe

        • kolobos Re: Prosba o sprawdzenie loga 07.02.06, 11:10
          Wywal aplikacje od neostrady:
          forum.gazeta.pl/forum/72,2.html?f=34&w=15679891&a=15680440
          W hijackthis usun:
          O17 - HKLM\System\CCS\Services\Tcpip\..\{BDD99BCE-8E80-458B-9430-D2A379512A7B}:
          NameServer = 85.255.114.46 85.255.112.210
          Nastepnie ustaw adresy DNS'ow takie jakie podal Twoj dostawca netu.

Pełna wersja