Kindly asking for help!!

IP: *.neoplus.adsl.tpnet.pl 28.01.07, 14:02
For some time now, when I connect via Neostrada, something called
"i dialer" has been appearing. Unfortunately I don't know much about this; I don't know
what is causing it and I don't know what to do. It worries me a little. Please
help!!



Logfile of HijackThis v1.99.1
Scan saved at 13:50:26, on 07-01-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINSYS\System32\smss.exe
C:\WINSYS\system32\winlogon.exe
C:\WINSYS\system32\services.exe
C:\WINSYS\system32\lsass.exe
C:\WINSYS\system32\svchost.exe
C:\WINSYS\System32\svchost.exe
C:\WINSYS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINSYS\System32\PAStiSvc.exe
C:\WINSYS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINSYS\System32\svchost.exe
C:\WINSYS\Explorer.EXE
C:\WINSYS\SOUNDMAN.EXE
C:\WINSYS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINSYS\PowerS.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
D:\Picasa2\PicasaMediaDetector.exe
C:\Winamp\winampa.exe
C:\WINSYS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\eMule\emule.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Winamp\Winamp.exe
C:\WINSYS\TEMP\win1A2.tmp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\NATALKA\Ustawienia lokalne\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINSYS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [PowerS] C:\WINSYS\PowerS.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINSYS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINSYS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINSYS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: ING Bank Online - ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1049_EN_XP.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - bezpieczenstwo.onet.pl/skaner/ArcaOnline.cab
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - scripts.downloadv3.com/binaries/IA/sysiasvc32_EN_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - scripts.downloadv3.com/binaries/IA/syswbsvc32_EN_XP.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - scripts.downloadv3.com/binaries/IA/sysinetsvc32_EN_XP.cab
O16 - DPF: {CT id=e codeBase=www.www2.p0rt2.com/files/epl85bf2.cab classid=clsid:33331111-1111-1111-1111-615111193427} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{861BE358-ADB1-4D9B-90E9-A3FCE00A6E09}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: winuqw32 - C:\WINSYS\SYSTEM32\winuqw32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINSYS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ipfw_helper (ipfw) - Unknown owner - E:\MCS Firewall 6\system\ipfw.exe (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINSYS\System32\PAStiSvc.exe
    • Guest: Kolobos Re: Kindly asking for help!! IP: *.escom.net.pl 28.01.07, 16:00
      > I don't know what is causing it

      You installed it, so it shows up.

      In Task Manager, end:
      C:\WINSYS\TEMP\win1A2.tmp.exe
      Delete all files from TEMP.

      In HJT, remove:
      O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
      O15 - Trusted Zone: *.p0rt2.com
      O16 - DPF: {33331111-1111-1111-1111-615111193427} -
      O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1049_EN_XP.cab
      O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - scripts.downloadv3.com/binaries/IA/sysiasvc32_EN_XP.cab
      O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - scripts.downloadv3.com/binaries/IA/syswbsvc32_EN_XP.cab
      O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - scripts.downloadv3.com/binaries/IA/sysinetsvc32_EN_XP.cab
      O16 - DPF: {CT id=e codeBase=www.www2.p0rt2.com/files/epl85bf2.cab classid=clsid:33331111-1111-1111-1111-615111193427} -
      O20 - Winlogon Notify: winuqw32 - C:\WINSYS\SYSTEM32\winuqw32.dll <- delete the file using KillBox.

      You can remove the service, since the firewall no longer works:
      O23 - Service: ipfw_helper (ipfw) - Unknown owner - E:\MCS Firewall 6\system\ipfw.exe (file missing)

      Finally, scan the system with ewido.