Dodaj do ulubionych

proszę o sprawdzenie loga

15.08.06, 10:17
Logfile of HijackThis v1.99.1
Scan saved at 10:15:38, on 2006-08-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Komputer\Pulpit\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.pajacyk.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
www.idg.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Skaner]
C:\DOCUME~1\Komputer\USTAWI~1\Temp\Rar$EX23.971\Ochraniacz\OPZTskaner.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [Windows Media Player] hkcmd.exe
O4 - HKLM\..\RunServices: [MSN Messanger] msnmsng.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSN Messanger] msnmsng.exe
O4 - HKCU\..\Run: [Windows Media Player] hkcmd.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe"
/RunUPGToolCommandReBoot
O4 - HKCU\..\RunServices: [MSN Messanger] msnmsng.exe
O4 - HKCU\..\RunServices: [Windows Media Player] hkcmd.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera -
C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program
Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... -
C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Podświetl - C:\Program Files\Avant
Browser\Highlight.htm
O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} -
C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.idg.pl
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} (Java Plug-in 1.4.2_04) -
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
O17 -
HKLM\System\CCS\Services\Tcpip\..\{D8CAAFA6-3E6E-4821-A154-B9F4EC25F3B6}:
NameServer = 194.204.152.34 217.98.63.164
O17 -
HKLM\System\CCS\Services\Tcpip\..\{FD0EF051-D284-4B0A-A39D-8A54714402EF}:
NameServer = 194.204.159.1,194.204.152.34
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodata Limited License Service - Autodata Limited -
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. -
C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Obserwuj wątek
    • Gość: Kolobos Re: proszę o sprawdzenie loga IP: *.warszawa.sdi.tpnet.pl 15.08.06, 11:56
      Usun w hjt:
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
      C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
      O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
      C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
      O4 - HKLM\..\Run: [Skaner]
      C:\DOCUME~1\Komputer\USTAWI~1\Temp\Rar$EX23.971\Ochraniacz\OPZTskaner.exe <-
      dlaczego to cos uruchamia sie z temp?!
      O4 - HKLM\..\RunServices: [Windows Media Player] hkcmd.exe
      O4 - HKLM\..\RunServices: [MSN Messanger] msnmsng.exe
      O4 - HKCU\..\Run: [MSN Messanger] msnmsng.exe
      O4 - HKCU\..\Run: [Windows Media Player] hkcmd.exe
      O4 - HKCU\..\RunServices: [MSN Messanger] msnmsng.exe <- plik usun z dysku.
      O4 - HKCU\..\RunServices: [Windows Media Player] hkcmd.exe <- i ten.
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
      O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} (Java Plug-in 1.4.2_04) -
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -

      Na koniec zrob skan przy pomocy ewido.
      • joalbi Re: proszę o sprawdzenie loga 17.08.06, 19:44
        Bardzo dziękuję :)
        Co do tego:
        C:\DOCUME~1\Komputer\USTAWI~1\Temp\Rar$EX23.971\Ochraniacz\OPZTskaner.exe <
        > -
        > dlaczego to cos uruchamia sie z temp?!
        to nie mam pojęcia, bo nie bardzo się na tym znam
          • Gość: joalbi proszę o sprawdzenie nowego loga IP: *.neoplus.adsl.tpnet.pl 19.08.06, 13:25
            Logfile of HijackThis v1.99.1
            Scan saved at 13:24:22, on 2006-08-19
            Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\SYSTEM32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\LEXBCES.EXE
            C:\WINDOWS\system32\LEXPPS.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Ahead\InCD\InCD.exe
            C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
            C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            C:\Program Files\Common Files\Real\Update_OB\realsched.exe
            C:\WINDOWS\system32\LXSUPMON.EXE
            C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
            C:\Program Files\Alwil Software\Avast4\ashServ.exe
            C:\WINDOWS\system32\crypserv.exe
            C:\WINDOWS\system32\netdde.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\ZoneLabs\vsmon.exe
            C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
            C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\Program Files\Neostrada TP\NeostradaTP.exe
            C:\Program Files\Neostrada TP\ComComp.exe
            C:\Program Files\Neostrada TP\Watch.exe
            C:\Program Files\Mozilla Firefox\firefox.exe
            C:\Documents and Settings\Komputer\Pulpit\hijackthis\hijackthis.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = szukaj.wp.pl
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            www.pajacyk.pl/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
            www.idg.pl
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
            C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
            O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
            Files\Java\jre1.5.0_05\bin\jusched.exe
            O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
            Files\Real\Update_OB\realsched.exe" -osboot
            O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
            O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
            Labs\ZoneAlarm\zlclient.exe"
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe"
            /RunUPGToolCommandReBoot
            O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
            Files\Adobe\Calibration\Adobe Gamma Loader.exe
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
            Office\Office10\OSA.EXE
            O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera -
            C:\Program Files\Avant Browser\AddAllToADBlackList.htm
            O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program
            Files\Avant Browser\AddToADBlackList.htm
            O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
            res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
            O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... -
            C:\Program Files\Avant Browser\OpenAllLinks.htm
            O8 - Extra context menu item: Podświetl - C:\Program Files\Avant
            Browser\Highlight.htm
            O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
            C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console -
            {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
            Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
            O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} -
            C:\Program Files\IrfanView\Ebay\Ebay.htm
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
            C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger -
            {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O14 - IERESET.INF: START_PAGE_URL=www.idg.pl
            O17 - HKLM\System\CCS\Services\Tcpip\..\{D8CAAFA6-3E6E-4821-A154-B9F4EC25F3B6}:
            NameServer = 194.204.152.34 217.98.63.164
            O17 - HKLM\System\CCS\Services\Tcpip\..\{FD0EF051-D284-4B0A-A39D-8A54714402EF}:
            NameServer = 194.204.159.1,194.204.152.34
            O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program
            Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
            O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
            Software\Avast4\ashServ.exe
            O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
            Software\Avast4\ashMaiSv.exe" /service (file missing)
            O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
            Software\Avast4\ashWebSv.exe" /service (file missing)
            O23 - Service: Crypkey License - Kenonic Controls Ltd. -
            C:\WINDOWS\SYSTEM32\crypserv.exe
            O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
            C:\WINDOWS\system32\LEXBCES.EXE
            O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
            C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Nie pamiętasz hasła

lub ?

 

Nie masz jeszcze konta? Zarejestruj się

Nakarm Pajacyka