Piotrekstce created 24 July 2007

Hello, I have a request: someone recently broke into my GG account. The antivirus found nothing, but I found a worrying entry in the log. I don't know much about this, so please check it and, if need be, tell me whether it is a virus and how to remove it. Thanks in advance. (Log from HijackThis)

Logfile of HijackThis v1.99.1
Scan saved at 15:05:32, on 2007-07-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programy\daemon\daemon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\DOCUME~1\user\USTAWI~1\Temp\update.tmp
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=C:\YDP\Dict\watch.exe
O1 - Hosts: 217.153.219.170 L2authd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programy\daemon\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\PL\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=080207 serial=DR12WCX-1308855-VTJ lang=PL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_28.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5074CD38-D2FA-4EE2-8D86-5A9AACF929DB}: NameServer = 194.204.159.1 217.98.63.164
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

CatchMe commented 24 July 2007

The log is clean. Use: http://stopwirusom.pl/index.php?option=com...1&Itemid=12 and paste the log from ComboFix.

Piotrekstce (Author) commented 24 July 2007

Thanks for checking the log. I have one more question, though. Would it be possible to trace the IP of the person who was using my GG at a given time, or to trace it in the future (e.g. some program that would record the IP addresses that used this GG number, or any other way)? I know this may be difficult, but if it is possible, please reply.