Please check my log

IP: *.neoplus.adsl.tpnet.pl 06.12.06, 18:16
Logfile of HijackThis v1.99.1
Scan saved at 18:14:09, on 2006-12-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package
Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package
Applications\Residence.exe
C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\instalki\antyvirus\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"
-lang 1033
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz 10.0 Pro\odk_mcd.exe
O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows
Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [My Web Search Bar] rundll32
C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org
2.0\program\quickstart.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program
Files\Microsoft Office\Office\1045\OLFSNT40.EXE
O8 - Extra context menu item: &Search -
edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
-{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O17 -
HKLM\System\CCS\Services\Tcpip\..\{A4918FF6-7593-4586-9BD6-3E85E516021A}:
NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT
Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program
Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division
Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    • Guest: Kolobos Re: Please check my log IP: *.escom.net.pl 06.12.06, 18:34
      In HJT, remove:
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
      C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
      O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -
      C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
      O4 - HKLM\..\Run: [My Web Search Bar] rundll32
      C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S <- delete the MyWe... directory from disk.
      O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
      C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
      O4 - HKCU\..\Run: [MyWebSearch Email Plugin]
      C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
      O8 - Extra context menu item: &Search -
      edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000

      Also get rid of the Neostrada applications; the instructions are in the sticky post.
      • Guest: LL1980 Re: Please check my log IP: *.neoplus.adsl.tpnet.pl 06.12.06, 22:59
        Many thanks - sorry for the silly question, but where is that description of
        the removal........... - regards
        • Guest: Kolobos Re: Please check my log IP: *.escom.net.pl 07.12.06, 00:11
          Where I said: in the sticky post, which is the first one on the forum, or in the forum header.
          • Guest: LL1980 Re: Please check my log IP: *.neoplus.adsl.tpnet.pl 10.12.06, 18:39
            I deleted the suggested entries and removed the Neostrada service - please check
            the log again

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Windows Defender\MsMpEng.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            C:\Program Files\Alwil Software\Avast4\ashServ.exe
            C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
            C:\Program Files\ewido anti-malware\ewidoctrl.exe
            C:\WINDOWS\system32\nvsvc32.exe
            C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\WgaTray.exe
            C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
            C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
            C:\Program Files\D-Tools\daemon.exe
            C:\WINDOWS\system32\RunDll32.exe
            C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
            C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            C:\Program Files\Windows Defender\MSASCui.exe
            C:\Program Files\Winamp\winampa.exe
            C:\Program Files\Gadu-Gadu\gg.exe
            C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
            C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
            C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
            C:\Program Files\Sony Corporation\Picture Package\Picture Package
            Applications\Residence.exe
            C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
            C:\Program Files\eMule\eMule.exe
            C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
            C:\Documents and Settings\test\Pulpit\msimn.exe
            C:\Program Files\Winamp\winamp.exe
            C:\Program Files\Mozilla Firefox\firefox.exe
            C:\Program Files\Windows Media Player\wmplayer.exe
            F:\instalki\antyvirus\hijackthis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
            C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
            Files\Java\jre1.5.0_06\bin\ssv.dll
            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
            O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"
            -lang 1033
            O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
            O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
            Files\Java\jre1.5.0_06\bin\jusched.exe
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
            C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
            O4 - HKLM\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz 10.0 Pro\odk_mcd.exe
            O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe
            O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows
            Defender\MSASCui.exe" -hide
            O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
            O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
            O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org
            2.0\program\quickstart.exe
            O4 - Global Startup: BlueSoleil.lnk = ?
            O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
            800-840\dslmon.exe
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
            Office\Office\OSA9.EXE
            O4 - Global Startup: Picture Package Menu.lnk = ?
            O4 - Global Startup: Picture Package VCD Maker.lnk = ?
            O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program
            Files\Microsoft Office\Office\1045\OLFSNT40.EXE
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
            C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console -
            {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
            Files\Java\jre1.5.0_06\bin\ssv.dll
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
            C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger -
            {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O17 - HKLM\System\CCS\Services\Tcpip\..\{A4918FF6-7593-4586-9BD6-3E85E516021A}:
            NameServer = 194.204.152.34 217.98.63.164
            O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
            O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
            Software\Avast4\ashServ.exe
            O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
            Software\Avast4\ashMaiSv.exe" /service (file missing)
            O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
            Software\Avast4\ashWebSv.exe" /service (file missing)
            O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT
            Corporation\BlueSoleil\BTNtService.exe
            O23 - Service: ewido security suite control - ewido networks - C:\Program
            Files\ewido anti-malware\ewidoctrl.exe
            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
            C:\WINDOWS\system32\nvsvc32.exe
            O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division
            Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
            • Guest: Kolobos Re: Please check my log IP: *.escom.net.pl 10.12.06, 18:53
              > C:\Documents and Settings\test\Pulpit\msimn.exe

              Why do you have Outlook's exe file on the desktop? That's what shortcuts are for.

              The log is OK.
              • Guest: LL1980 Re: Please check my log IP: *.neoplus.adsl.tpnet.pl 10.12.06, 22:36
                Many thanks for the advice, regards ;)
              • Guest: LL1980 Re: Please check my log IP: *.neoplus.adsl.tpnet.pl 10.12.06, 22:38
                I've also taken care of that shortcut ;)