Forum Komputery Wirusy, trojany, spyware
ZMIEŃ
    Dodaj do ulubionych

    prosba o sprawdzenie loga

    IP: *.neoplus.adsl.tpnet.pl 29.10.07, 22:22
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:18:50, on 2007-10-29
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe
    C:\windows\system32\mstsdsc.exe
    C:\Program Files\Tlen.pl\tlen.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Neostrada TP\NeostradaTP.exe
    C:\Program Files\Neostrada TP\ComComp.exe
    C:\Program Files\Neostrada TP\Watch.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    szukaj.wp.pl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper -
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
    7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
    Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [pviever] "C:\Program
    Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe" hide
    O4 - HKLM\..\Run: [mstsdsc.exe] c:\windows\system32\mstsdsc.exe
    O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe"
    /RunUPGToolCommandReBoot
    O4 - HKLM\..\Policies\Explorer\Run: [notepad.exe] msmsgs.exe
    O4 - HKLM\..\Policies\Explorer\Run: [winlogon.exe] msole32.exe
    O4 - HKLM\..\Policies\Explorer\Run: [notepad2.exe] popuper.exe
    O4 - HKLM\..\Policies\Explorer\Run: [SystemDriver] c:\DriverLoad\windrv.exe
    O4 - HKLM\..\Policies\Explorer\Run: [FDriver] c:\DriverLoad\windrv.exe
    O4 - HKLM\..\Policies\Explorer\Run: [ADriver] c:\DriverLoad\windrv.exe
    O4 - HKLM\..\Policies\Explorer\Run: [CDriver] c:\DriverLoad\windrv.exe
    O4 - HKLM\..\Policies\Explorer\Run: [DDriver] c:\DriverLoad\windrv.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User
    'USŁUGA LOKALNA')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User
    'USŁUGA SIECIOWA')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User
    'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [SystemDriverLoad] (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [SystemDriver] c:\DriverLoad\windrv.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [FDriver] c:\DriverLoad\windrv.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ADriver] c:\DriverLoad\windrv.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [CDriver] c:\DriverLoad\windrv.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DDriver] c:\DriverLoad\windrv.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User
    'Default user')
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
    800-840\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
    Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Search -
    kn.bar.need2find.com/KN/menusearch.html?p=KN
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
    C:\WINDOWS\system32\Shdocvw.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner)
    - security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX
    Control) - www.modgik.lodz.pl/Mapa/mgaxctrl.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
    Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{5A30E387-EA1D-451A-922C-F75617FEF7C0}:
    NameServer = 194.204.159.1 217.98.63.164
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} -
    C:\Program Files\RXToolBar\sfcont.dll
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
    C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program
    Files\ewido\security suite\ewidoctrl.exe
    O24 - Desktop Component 0: (no name) -
    www.tapety.ikar.pl/krajobrazy2/dune.jpg
    O24 - Desktop Component 1: Warning homepage - C:\WINDOWS\warnhp.html

    --
    End of file - 6645 bytes
    Obserwuj wątek
      • Gość: Kolobos Re: prosba o sprawdzenie loga IP: *.escom.net.pl 29.10.07, 22:40
        To juz sie robi nudne..
        forum.gazeta.pl/forum/72,2.html?f=430&w=66002983

    Najnowsze z forum Wirusy, trojany, spyware

    Nie masz jeszcze konta? Zarejestruj się

    Nakarm Pajacyka
    Osoby zamieszczające wypowiedzi naruszające prawo lub prawem chronione dobra osób trzecich mogą ponieść z tego tytułu odpowiedzialność karną lub cywilną. Regulamin
    Treści z serwisów internetowych Grupy Wyborcza.pl oraz serwisu tokfm.pl prezentujemy w ramach komercyjnej współpracy z ich wydawcami: Wyborcza sp. z o.o. oraz Grupą Radiową Agory sp. z o.o.