Forum Komputery Wirusy, trojany, spyware
ZMIEŃ
    Dodaj do ulubionych

    logo HijackThis

    IP: *.neoplus.adsl.tpnet.pl 26.10.06, 22:41
    Witam proszę o sprawdzenie loga.
    Chyba zpalałem cos takiego jak error Safe
    Logfile of HijackThis v1.99.1
    Scan saved at 22:39:31, on 2006-10-26
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Neostrada TP\NeostradaTP.exe
    C:\Program Files\Neostrada TP\ComComp.exe
    C:\Program Files\Neostrada TP\Watch.exe
    C:\Documents and Settings\Rafi\Pulpit\hijackthis\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    szukaj.wp.pl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.o2.pl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
    C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-
    784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
    \SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32
    \NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
    Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
    \dslmon.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
    Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-
    00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
    Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B08E5A20-764D-4979-9D2F-
    A8B5D03C830D}: NameServer = 194.204.152.34 217.98.63.164
    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. -
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
    C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division
    Software - C:\Program Files\Alcohol Soft\Alcohol 120
    \StarWind\StarWindService.exe

    Obserwuj wątek
      • Gość: Kolobos Re: logo HijackThis IP: *.escom.net.pl 26.10.06, 22:51
        Zrob to samo co tutaj:
        forum.gazeta.pl/forum/72,2.html?f=430&w=51043439&a=51044845
        W hjt usun:
        R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
        C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
        O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
        • Gość: klx Re: logo HijackThis IP: *.neoplus.adsl.tpnet.pl 27.10.06, 21:23
          Zrobiłem chyab wszystko
          log po wykonaniu czaleconych czynnosci

          Logfile of HijackThis v1.99.1
          Scan saved at 21:21:23, on 2006-10-27
          Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\WINDOWS\System32\nvsvc32.exe
          C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
          C:\WINDOWS\System32\svchost.exe
          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
          C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\Program Files\Neostrada TP\NeostradaTP.exe
          C:\Program Files\Neostrada TP\ComComp.exe
          C:\Program Files\Neostrada TP\Watch.exe
          C:\Documents and Settings\Rafi\Pulpit\hijackthis\hijackthis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          www.onet.pl/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-
          784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
          \SPYBOT~1\SDHelper.dll
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32
          \NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
          Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
          \dslmon.exe
          O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
          Files\InterVideo\Common\Bin\WinCinemaMgr.exe
          O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
          res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
          O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} -
          C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-
          00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
          Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
          O17 - HKLM\System\CCS\Services\Tcpip\..\{B08E5A20-764D-4979-9D2F-A8B5D03C830D}:
          NameServer = 194.204.152.34 217.98.63.164
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashServ.exe
          O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashMaiSv.exe" /service (file missing)
          O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashWebSv.exe" /service (file missing)
          O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. -
          C:\Program Files\ewido anti-spyware 4.0\guard.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
          C:\WINDOWS\System32\nvsvc32.exe
          O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division
          Software - C:\Program Files\Alcohol Soft\Alcohol 120
          \StarWind\StarWindService.exe

          • Gość: Kolobos Re: logo HijackThis IP: *.escom.net.pl 27.10.06, 21:52
            Po co wklejasz log z hjt? Prosilem o log z Smit..
            • Gość: klx Re: logo HijackThis IP: *.neoplus.adsl.tpnet.pl 27.10.06, 22:12
              Czy to jest to ?
              SmitFraudFix v2.114

              Scan done at 20:48:25,17, 2006-10-27
              Run from C:\Documents and Settings\Rafi\Pulpit\SmitfraudFix\SmitfraudFix
              OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
              Fix run in safe mode

              »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
              !!!Attention, following keys are not inevitably infected!!!

              SrchSTS.exe by S!Ri
              Search SharedTaskScheduler's .dll

              »»»»»»»»»»»»»»»»»»»»»»»» Killing process


              »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

              GenericRenosFix by S!Ri


              »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


              »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


              »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

              Registry Cleaning done.

              »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
              !!!Attention, following keys are not inevitably infected!!!

              SrchSTS.exe by S!Ri
              Search SharedTaskScheduler's .dll


              »»»»»»»»»»»»»»»»»»»»»»»» End

              • Gość: Kolobos Re: logo HijackThis IP: *.escom.net.pl 27.10.06, 22:43
                Tak i jest ok.
                • Gość: klx Re: logo HijackThis IP: *.neoplus.adsl.tpnet.pl 27.10.06, 22:58
                  Uff.
                  Dzieki za pomoc i porady
                  pozdr
                  KLX
    Inne wątki na temat:

    Najnowsze z forum Wirusy, trojany, spyware

    Nie masz jeszcze konta? Zarejestruj się

    Nakarm Pajacyka
    Osoby zamieszczające wypowiedzi naruszające prawo lub prawem chronione dobra osób trzecich mogą ponieść z tego tytułu odpowiedzialność karną lub cywilną. Regulamin
    Treści z serwisów internetowych Grupy Wyborcza.pl oraz serwisu tokfm.pl prezentujemy w ramach komercyjnej współpracy z ich wydawcami: Wyborcza sp. z o.o. oraz Grupą Radiową Agory sp. z o.o.