Please check my log

IP: *.neoplus.adsl.tpnet.pl 28.10.06, 22:10
Logfile of HijackThis v1.99.1
Scan saved at 22:06:59, on 2006-10-28
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\kybrdff_e41.exe
C:\nwnmff_e40.exe
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Documents and Settings\Monisia\Pulpit\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} -
C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: Shell=explorer.exe
O1 - Hosts: 200.80.43.9 aquasonyc.sudnet.org
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD
Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE
Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] winsvc.exe
O4 - HKLM\..\Run: [yahoo inc.] ypages.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e40.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e41.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e40.exe
O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmppp.exe
O4 - HKLM\..\Run: [AVPDWIN] "C:\Program Files\Panda Software\Panda
Demo\pandasft.exe"
O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner
2006 Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner 2006
Free\udcpas.exe"
O4 - HKLM\..\Run: [LanzarT2006]
"C:\DOCUME~1\Monisia\USTAWI~1\Temp\{B4FA0F6A-1F7D-4394-84A0-7F57DBF221E3}\{98032D6F-3EE6-4646-B68C-40BF012AC89B}\..\..\T2006tmp\Install.exe"
/SETUP:"/l0x0015"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] winsvc.exe
O4 - HKLM\..\RunServices: [yahoo inc.] ypages.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmppp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD
Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 -
HKLM\System\CCS\Services\Tcpip\..\{D09B2975-5C11-46AA-9590-C6885C5A1C4D}:
NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\i060lajm1doa.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network
Monitor\netmon.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software -
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

    • Guest: Kolobos Re: Please check my log IP: *.escom.net.pl 28.10.06, 23:38
      You have a pirated Windows without updates, so it's normal that you have a "little problem".

      Switch your browser to Opera or Firefox, close the ports using wwdc.exe, and on top of that run a scan with ewido and remove look2me. Also get rid of the Neostrada applications.

      In Task Manager, end:
      C:\kybrdff_e41.exe
      C:\nwnmff_e40.exe

      In HJT, remove:
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      searchbar.findthewebsiteyouneed.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      searchbar.findthewebsiteyouneed.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
      searchbar.findthewebsiteyouneed.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.findthewebsiteyouneed.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
      searchbar.findthewebsiteyouneed.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      searchbar.findthewebsiteyouneed.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
      C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
      R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} -
      C:\Program Files\Deskbar\deskbar.dll <- delete the deskbar folder from the disk.
      F2 - REG:system.ini: Shell=explorer.exe
      O1 - Hosts: 200.80.43.9 aquasonyc.sudnet.org
      Delete the files from the disk:
      O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
      O4 - HKLM\..\Run: [Compaq Service Drivers] winsvc.exe
      O4 - HKLM\..\Run: [yahoo inc.] ypages.exe
      O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
      O4 - HKLM\..\Run: [defender] C:\\dfndrff_e40.exe
      O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e41.exe
      O4 - HKLM\..\Run: [newname] C:\\nwnmff_e40.exe
      O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmppp.exe
      O4 - HKLM\..\Run: [LanzarT2006]
      "C:\DOCUME~1\Monisia\USTAWI~1\Temp\{B4FA0F6A-1F7D-4394-84A0-7F57DBF221E3}\{98032D6F-3EE6-4646-B68C-40BF012AC89B}\..\..\T2006tmp\Install.exe"
      /SETUP:"/l0x0015" <- delete everything from Temp.
      O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe <- file to delete.
      O4 - HKLM\..\RunServices: [Compaq Service Drivers] winsvc.exe <- this one too
      O4 - HKLM\..\RunServices: [yahoo inc.] ypages.exe <- this one too
      O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmppp.exe <- this one too
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links -
      {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\i060lajm1doa.dll

      Service to delete, description in the sticky post:
      O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network
      Monitor\netmon.exe (file missing)

      If you have questions, read the sticky post! When you're done, paste a new log.