prośba o sprawdzenie loga

IP: *.neoplus.adsl.tpnet.pl 24.03.07, 23:52
Logfile of HijackThis v1.99.1
Scan saved at 11:46:09, on 24-03-2007
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\DEXXA\DEXXA OPTICAL MOUSE\1.0\LWBWHEEL.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\Menu Start\Programy\Autostart\POLKEYB.EXE
C:\COREL\GRAPHICS8\PROGRAMS\MFINDEXER.EXE
G:\MAłA KSIęGOWOść RZEPY\BIURO.EXE
G:\MAłA KSIęGOWOść RZEPY\KSIęGA.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.tvn24.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = 192.168.1.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Dexxa\Dexxa Optical Mouse\1.0
\lwbwheel.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4
\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4
\ashServ.exe
O4 - Startup: POLKEYB.EXE
O4 - Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8
\programs\MFIndexer.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... -
file://C:\Program Files\J River\Media Center 11\DMDownload.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) -
mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O20 - Winlogon Notify: uninstall - C:\WINDOWS\uninstall.dll (file missing)
O20 - Winlogon Notify: Run - C:\WINDOWS\SYSTEM\uninstall.dll (file missing)
O21 - SSODL: nbnLtNuBnlp - {27611C08-8DCB-B6A2-C491-0E905D4690D6} -
C:\WINDOWS\SYSTEM\GWBLI.DLL
O21 - SSODL: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} -
C:\WINDOWS\SYSTEM\geplxss.dll

    • Gość: Kolobos Re: prośba o sprawdzenie loga IP: *.escom.net.pl 25.03.07, 00:29
      W hjt usun:
      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
      about:blank
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      00aa003c157a} - C:\WINDOWS\web\related.htm
      O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
      O20 - Winlogon Notify: uninstall - C:\WINDOWS\uninstall.dll (file missing)
      O20 - Winlogon Notify: Run - C:\WINDOWS\SYSTEM\uninstall.dll (file missing)
      O21 - SSODL: nbnLtNuBnlp - {27611C08-8DCB-B6A2-C491-0E905D4690D6} -
      C:\WINDOWS\SYSTEM\GWBLI.DLL <- plik usun z dysku.
      O21 - SSODL: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} -
      C:\WINDOWS\SYSTEM\geplxss.dll <- ten tez.

      Do tego skan:
      www.pandasoftware.com/activescan/pol/activescan_principal.htm
      www.spywareinfo.com/xscan.php
      www.bitdefender.com/scan8/ie.html
      Warto tez zmienic IE na Opere.
Pełna wersja