
Please check my log

Piotrekstce
created

Hello, I have a request: someone recently broke into my GG. The antivirus found nothing, but I found a worrying entry in the log. I don't know much about this, so please check it and, if possible, tell me whether it is a virus and how to remove it. Thanks in advance. (Log from HijackThis)

Logfile of HijackThis v1.99.1

Scan saved at 15:05:32, on 2007-07-24

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSSYSTEM32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesAheadInCDInCDsrv.exe

C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

C:Program FilesAlwil SoftwareAvast4ashServ.exe

C:WINDOWSExplorer.EXE

C:WINDOWSsystem32spoolsv.exe

C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe

C:Program FilesIVT CorporationBlueSoleilBTNtService.exe

C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe

C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE

C:WINDOWSsystem32nvsvc32.exe

C:WINDOWSsystem32ntvdm.exe

C:Program FilesCyberLink DVD SolutionPowerDVDPDVDServ.exe

C:Program FilesSunbelt SoftwareCounterSpySBCSSvc.exe

C:Program FilesAheadInCDInCD.exe

C:Program FilesWinampwinampa.exe

C:PROGRA~1WANADOOTaskbarIcon.exe

C:WINDOWSSOUNDMAN.EXE

C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe

C:Program FilesJavaj2re1.4.2_02binjusched.exe

C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe

C:Programydaemondaemon.exe

C:WINDOWSsystem32svchost.exe

C:PROGRA~1ALWILS~1Avast4ashDisp.exe

C:WINDOWSsystem32RUNDLL32.EXE

C:Program FilesSunbelt SoftwareCounterSpySBCSTray.exe

C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesMessengermsmsgs.exe

C:Program FilesSkypePhoneSkype.exe

C:Program FilesCommon FilesTeleca SharedCapabilityManager.exe

C:Program FilesGoogleGoogleToolbarNotifier1.0.720.3640GoogleToolbarNotifier.exe

C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe

C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnf.exe

C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe

C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe

C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe

C:Program FilesCommon FilesTeleca SharedGeneric.exe

C:Program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe

C:Program FilesWanadooEspaceWanadoo.exe

C:Program FilesWanadooComComp.exe

C:Program FilesWanadooWatch.exe

C:Program FilesGadu-Gadugg.exe

C:DOCUME~1userUSTAWI~1Tempupdate.tmp

C:Program FilesHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://szukaj.wp.pl

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

F3 - REG:win.ini: load=C:YDPDictwatch.exe

O1 - Hosts: 217.153.219.170 L2authd.lineage2.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll

O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLink DVD SolutionPowerDVDPDVDServ.exe"

O4 - HKLM..Run: [inCD] C:Program FilesAheadInCDInCD.exe

O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe

O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1WANADOOWatch.exe

O4 - HKLM..Run: [WOOTASKBARICON] C:PROGRA~1WANADOOTaskbarIcon.exe

O4 - HKLM..Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..Run: [sunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_02binjusched.exe

O4 - HKLM..Run: [share-to-Web Namespace Daemon] C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe

O4 - HKLM..Run: [DAEMON Tools-1033] "C:Programydaemondaemon.exe" -lang 1033

O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe

O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe

O4 - HKLM..Run: [iSUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup

O4 - HKLM..Run: [CorelDRAW Graphics Suite 11b] C:Program FilesCorelCorel Graphics 12LanguagesPLProgramsRegistration.exe /title="CorelDRAW Graphics Suite 12" /date=080207 serial=DR12WCX-1308855-VTJ lang=PL

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [sBCSTray] C:Program FilesSunbelt SoftwareCounterSpySBCSTray.exe

O4 - HKLM..Run: [sony Ericsson PC Suite] "C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" /startoptions

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - HKCU..Run: [NBJ] "C:Program FilesAheadNero BackItUpNBJ.exe"

O4 - HKCU..Run: [skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized

O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray

O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.0.720.3640GoogleToolbarNotifier.exe

O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe

O4 - Global Startup: Microsoft Office.lnk = D:Program FilesMicrosoft OfficeOfficeOSA9.EXE

O4 - Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe

O4 - Global Startup: BlueSoleil.lnk = ?

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_02binnpjpi142_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_02binnpjpi142_02.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:Program FilesIrfanViewEbayEbay.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_28.cab

O17 - HKLMSystemCCSServicesTcpip..{5074CD38-D2FA-4EE2-8D86-5A9AACF929DB}: NameServer = 194.204.159.1 217.98.63.164

O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:Program FilesIVT CorporationBlueSoleilBTNtService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:Program FilesAheadInCDInCDsrv.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:Program FilesSunbelt SoftwareCounterSpySBCSSvc.exe

Piotrekstce
comment

Thanks for checking the log. I have one more question, though. Would it be possible to trace the IP of the person who used my GG at a given time, or to trace it in the future (e.g. some program that would record the IP numbers that used this GG number, or any other way)? I know it may be difficult, but if it is possible, I would really appreciate an answer.
