Dodaj do ulubionych

Prosze o sprawdzenie loga z HiJackThis

IP: *.neoplus.adsl.tpnet.pl 15.06.05, 08:33
Logfile of HijackThis v1.99.1
Scan saved at 08:33:01, on 2005-06-15
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\rpcclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
F:\Nikon\NkView6\NkvMon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.neostrada.pl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-
90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PowerDVD] C:\Program
Files\CyberLink\PowerDVD\PowerDVD.exe /autostart
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common
files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
Optimizer\optimize.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
\dslmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program
files\google\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-
B92435320F69}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Procedure Call (RPC) Client (RpcClient) - Unknown
owner - C:\WINDOWS\System32\rpcclient.exe

Edytor zaawansowany
  • Gość: Kolobos IP: *.warszawa.sdi.tpnet.pl 15.06.05, 13:24
    Po co zakladasz drugi watek? Nawet nie zrobiles tego co Ci wczesniej napisalem!
    Wiec poczytaj jeszcze raz:
    forum.gazeta.pl/forum/72,2.html?f=430&w=25208866&a=25210876
    Jak dalej bedzie to samo to przeczytaj jeszcze raz i jeszcze az zrobisz to co
    napisalem...

    + to:
    O23 - Service: Remote Procedure Call (RPC) Client (RpcClient) - Unknown owner -
    C:\WINDOWS\System32\rpcclient.exe

    Mozesz tez usunac aplikacje od neostrady jak chcesz:
    forum.gazeta.pl/forum/72,2.html?f=34&w=15679891&a=15680440
    Nie jest ona do niczego potrzebna.
  • Gość: Michał IP: *.neoplus.adsl.tpnet.pl 17.06.05, 17:24
    Logfile of HijackThis v1.99.1
    Scan saved at 17:21:59, on 2005-06-17
    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\NEOSTR~1\CnxMon.exe
    C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\ctfmon.exe
    F:\Nikon\NkView6\NkvMon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
    C:\PROGRA~1\NEOSTR~1\ComComp.exe
    C:\PROGRA~1\NEOSTR~1\Watch.exe
    C:\Program Files\Tlen.pl\tlen.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\System32\netddeclnt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = szukaj.wp.pl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.neostrada.pl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
    C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    c:\program files\google\googletoolbar1.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer -
    {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
    C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
    /autostart
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
    Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
    -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common
    files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
    Optimizer\optimize.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
    Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
    800-840\dslmon.exe
    O8 - Extra context menu item: &Google Search - res://c:\program
    files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program
    files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
    files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program
    files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program
    files\google\GoogleToolbar1.dll/cmtrans.html
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
    67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
    NameServer = 194.204.152.34 217.98.63.164
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
    C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Network DDE Client (NetDDEclnt) - Unknown owner -
    C:\WINDOWS\System32\netddeclnt.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
    C:\WINDOWS\System32\nvsvc32.exe

  • Gość: Kolobos IP: *.warszawa.sdi.tpnet.pl 17.06.05, 17:26
    Przeciez pisalem zebys odinstalowal/usunal:
    O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common
    files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
    Optimizer\optimize.exe"

    Oraz ich katalogi:
    C:\Program Files\Internet Optimizer\
    C:\Program Files\Common files\SearchUpgrader\
  • Gość: Michał IP: *.neoplus.adsl.tpnet.pl 17.06.05, 19:23
    Po usunięciu tego:
    O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common
    files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
    Optimizer\optimize.exe
    Niemogłem znaleść tego:
    C:\Program Files\Internet Optimizer\
    C:\Program Files\Common files\SearchUpgrader\
    czy wysłać Ci jeszcze jednego loga.
    i jagbyś mógł to poleć mi jakiś proglam który mi dokładnie przeskanuje komputer.



  • Gość: Michał IP: *.neoplus.adsl.tpnet.pl 18.06.05, 09:45
    Prosze sprawdz teras czy coś jest....
    Logfile of HijackThis v1.99.1
    Scan saved at 09:44:55, on 2005-06-18
    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\netddeclnt.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\NEOSTR~1\CnxMon.exe
    C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    F:\Nikon\NkView6\NkvMon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
    C:\PROGRA~1\NEOSTR~1\ComComp.exe
    C:\PROGRA~1\NEOSTR~1\Watch.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.neostrada.pl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
    C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    c:\program files\google\googletoolbar1.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer -
    {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
    C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
    /autostart
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
    Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
    -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
    Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
    800-840\dslmon.exe
    O8 - Extra context menu item: &Google Search - res://c:\program
    files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program
    files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
    files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program
    files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program
    files\google\GoogleToolbar1.dll/cmtrans.html
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
    67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
    NameServer = 194.204.152.34 217.98.63.164
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
    C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Network DDE Client (NetDDEclnt) - Unknown owner -
    C:\WINDOWS\System32\netddeclnt.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
    C:\WINDOWS\System32\nvsvc32.exe

  • Gość: Kolobos IP: *.warszawa.sdi.tpnet.pl 18.06.05, 11:33
    Juz ok.
  • Gość: Michał IP: *.neoplus.adsl.tpnet.pl 23.06.05, 13:38
    Logfile of HijackThis v1.99.1
    Scan saved at 13:36:17, on 2005-06-23
    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\netddeclnt.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\NEOSTR~1\CnxMon.exe
    C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\nbthlp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\phqghum.EXE
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    F:\Nikon\NkView6\NkvMon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
    C:\PROGRA~1\NEOSTR~1\ComComp.exe
    C:\PROGRA~1\NEOSTR~1\Watch.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.neostrada.pl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
    C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
    O1 - Hosts: 204.9.190.180 onlineaccounts2.abbeynational.co.uk
    O1 - Hosts: 204.9.190.180 www3.aibgbonline.co.uk
    O1 - Hosts: 204.9.190.180 www.bank.alliance-leicester.co.uk
    O1 - Hosts: 204.9.190.180 login.iblogin.com
    O1 - Hosts: 204.9.190.180 ww2.bankofscotlandhalifax-online.co.uk
    O1 - Hosts: 204.9.190.180 inet.barclays.co.uk
    O1 - Hosts: 204.9.190.180 iibank.barclays.co.uk
    O1 - Hosts: 204.9.190.180 iibank.cahoot.com
    O1 - Hosts: 204.9.190.180 www3.coventrybuildingsociety.co.uk
    O1 - Hosts: 204.9.190.180 ww.hsbc.co.uk
    O1 - Hosts: 204.9.190.180 login.ebank.offshore.hsbc.co.je
    O1 - Hosts: 204.9.190.180 ww3.online-offshore.lloydstsb.com
    O1 - Hosts: 204.9.190.180 ww3.online-business.lloydstsb.co.uk
    O1 - Hosts: 204.9.190.180 ww3.online.lloydstsb.co.uk
    O1 - Hosts: 204.9.190.180 ob2.nationet.com
    O1 - Hosts: 204.9.190.180 ww3.onlinebanking.natwestoffshore.com
    O1 - Hosts: 204.9.190.180 ww1.nwolb.com
    O1 - Hosts: 204.9.190.180 ww1.onlinebanking.iombank.com
    O1 - Hosts: 204.9.190.180 ww1.www.rbsdigital.com
    O1 - Hosts: 204.9.190.180 welcome.smile.co.uk
    O1 - Hosts: 204.9.190.180 login.365online.com
    O1 - Hosts: 204.9.190.180 wvw.citizensbankonline.com
    O1 - Hosts: 204.9.190.180 esecure.regionsnet.com
    O1 - Hosts: 204.9.190.180 rollb.associatedbank.com
    O1 - Hosts: 204.9.190.180 upb.unionplanters.com
    O1 - Hosts: 204.9.190.180 www.onlinebanking.huntington.com
    O1 - Hosts: 204.9.190.180 inet.southtrustonlinebanking.com
    O1 - Hosts: 204.9.190.180 logon.personal.wamu.com
    O1 - Hosts: 204.9.190.180 login.compassweb.com
    O1 - Hosts: 204.9.190.180 logon.firstmeritib.com
    O1 - Hosts: 204.9.190.180 login.ccfcuonline.org
    O1 - Hosts: 204.9.190.180 ww3.etimebanker.bankofthewest.com
    O1 - Hosts: 204.9.190.180 www.onlinebanking.lasallebank.com
    O1 - Hosts: 204.9.190.180 wvw.totallyfreebanking.com
    O1 - Hosts: 204.9.190.180 www.online.wellsfargo.com
    O1 - Hosts: 204.9.190.180 ww2.onlinebanking.bankofoklahoma.com
    O1 - Hosts: 204.9.190.180 accounts4.keybank.com
    O1 - Hosts: 204.9.190.180 logon.bankone.com
    O1 - Hosts: 204.9.190.180 www.secure.tdbanknorth.com
    O1 - Hosts: 204.9.190.180 www.secure.mvnt4.com
    O1 - Hosts: 204.9.190.180 ww.mynfbonline.com
    O1 - Hosts: 204.9.190.180 login.forumcuonline.com
    O1 - Hosts: 204.9.190.180 www.eds.usersonlnet.com
    O1 - Hosts: 204.9.190.180 www.onlineid.bankofamerica.com
    O1 - Hosts: 204.9.190.180 wvw.e-gold.com
    O1 - Hosts: 204.9.190.180 pcbs.peoples.com
    O1 - Hosts: 204.9.190.180 www.global1.onlinebank.com
    O1 - Hosts: 204.9.190.180 ww2.mybranch.lafcu.com
    O1 - Hosts: 204.9.190.180 login.webbanking.comerica.com
    O1 - Hosts: 204.9.190.180 web.banking.firsttennessee.com
    O1 - Hosts: 204.9.190.180 logon.members1st.org
    O1 - Hosts: 204.9.190.180 www.cib.ibanking-services.com
    O1 - Hosts: 204.9.190.180 www.miwebbusbank.ebanking-services.com
    O1 - Hosts: 204.9.190.180 wvw.paypal.com
    O1 - Hosts: 204.9.190.180 www.signin.ebay.com
    O1 - Hosts: 204.9.190.180 www.bvi.bancodevalencia.es
    O1 - Hosts: 204.9.190.180 extrant.banesto.es
    O1 - Hosts: 204.9.190.180 banesnt.banesto.es
    O1 - Hosts: 204.9.190.180 activia.caixagalicia.es
    O1 - Hosts: 204.9.190.180 www.bancae.caixapenedes.com
    O1 - Hosts: 204.9.190.180 login.caixasabadell.net
    O1 - Hosts: 204.9.190.180 oii.cajamadrid.es
    O1 - Hosts: 204.9.190.180 login.cajamar.es
    O1 - Hosts: 204.9.190.180 login.ccm.es
    O1 - Hosts: 204.9.190.180 ww.unicaja.es
    O1 - Hosts: 204.9.190.180 ww.bayernlb.de
    O1 - Hosts: 204.9.190.180 ww2.berliner-volksbank.de
    O1 - Hosts: 204.9.190.180 ww7.homebanking-berlin.de
    O1 - Hosts: 204.9.190.180 portal09.commerzbanking.de
    O1 - Hosts: 204.9.190.180 www.onlinebanking.huntington.com
    O1 - Hosts: 204.9.190.180 www.meine.deutsche-bank.de
    O1 - Hosts: 204.9.190.180 ww2.dresdner-privat.de
    O1 - Hosts: 204.9.190.180 ww.e-banking.helaba.de
    O1 - Hosts: 204.9.190.180 ww.hsh-nordbank.de
    O1 - Hosts: 204.9.190.180 www.my.hypovereinsbank.de
    O1 - Hosts: 204.9.190.180 ww3.homebanking-berlin.de
    O1 - Hosts: 204.9.190.180 www.banking.lbbw.de
    O1 - Hosts: 204.9.190.180 lrp.sparkasse-banking.de
    O1 - Hosts: 204.9.190.180 ww3.homebanking-niedersachsen.de
    O1 - Hosts: 204.9.190.180 www.onlinebanking.norisbank.de
    O1 - Hosts: 204.9.190.180 www.banking.postbank.de
    O1 - Hosts: 204.9.190.180 ww.bics.fr
    O1 - Hosts: 204.9.190.180 www.co.caixabank.fr
    O1 - Hosts: 204.9.190.180 ww.creditmutuel.fr
    O1 - Hosts: 204.9.190.180 internetbank.intesabci.it
    O1 - Hosts: 204.9.190.180 ww.extensive.bancalombarda.it
    O1 - Hosts: 204.9.190.180 wvw.csebanking.it
    O1 - Hosts: 204.9.190.180 www.mybank.bybank.it
    O1 - Hosts: 204.9.190.180 ww.isideonline.it
    O1 - Hosts: 204.9.190.180 ww3.sella.it
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    c:\program files\google\googletoolbar1.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer -
    {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
    C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
    /autostart
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
    Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\tas
  • Gość: Kolobos IP: *.warszawa.sdi.tpnet.pl 23.06.05, 13:48
    Chwila i znowu syf? Po co mam Ci pomagac skoro nie umiesz korzystac z internetu?

    Usun wszystkie O1 i wklej nowy log, zainstaluj:
    www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D ->
    przeskanuj i wlacz ochrone przegladarki
    www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> wlacz
    ochrone przegladarki
    download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
  • Gość: Michał IP: *.neoplus.adsl.tpnet.pl 23.06.05, 14:01
    Logfile of HijackThis v1.99.1
    Scan saved at 14:01:33, on 2005-06-23
    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\netddeclnt.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\NEOSTR~1\CnxMon.exe
    C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\nbthlp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\phqghum.EXE
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    F:\Nikon\NkView6\NkvMon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
    C:\PROGRA~1\NEOSTR~1\ComComp.exe
    C:\PROGRA~1\NEOSTR~1\Watch.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = szukaj.wp.pl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.neostrada.pl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
    C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    c:\program files\google\googletoolbar1.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer -
    {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
    C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
    /autostart
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
    Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
    -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Netbios Helper] C:\WINDOWS\System32\nbthlp.exe
    O4 - HKLM\..\Run: [KYM Control Settings] phqghum.EXE
    O4 - HKLM\..\RunServices: [KYM Control Settings] phqghum.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [KYM Control Settings] phqghum.EXE
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
    Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
    800-840\dslmon.exe
    O8 - Extra context menu item: &Google Search - res://c:\program
    files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program
    files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
    files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program
    files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program
    files\google\GoogleToolbar1.dll/cmtrans.html
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
    67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
    NameServer = 194.204.152.34 217.98.63.164
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
    C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Network DDE Client (NetDDEclnt) - Unknown owner -
    C:\WINDOWS\System32\netddeclnt.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
    C:\WINDOWS\System32\nvsvc32.exe

  • Gość: Kolobos IP: *.warszawa.sdi.tpnet.pl 23.06.05, 14:25
    Czemu nie zainstalowales żadnego programu z tych co podalem?

    To kasujesz w hijackthis:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O4 - HKLM\..\Run: [Netbios Helper] C:\WINDOWS\System32\nbthlp.exe
    O4 - HKLM\..\Run: [KYM Control Settings] phqghum.EXE
    O4 - HKLM\..\RunServices: [KYM Control Settings] phqghum.EXE
    O4 - HKCU\..\Run: [KYM Control Settings] phqghum.EXE
    O23 - Service: Network DDE Client (NetDDEclnt) - Unknown owner -
    C:\WINDOWS\System32\netddeclnt.exe (file missing)

    Zamykasz procesy w menadzerze zadan i usuwasz z dysku:
    C:\WINDOWS\System32\netddeclnt.exe
    C:\WINDOWS\System32\nbthlp.exe
    C:\WINDOWS\System32\phqghum.EXE
  • Gość: Michał IP: *.neoplus.adsl.tpnet.pl 23.06.05, 16:12
    Ja chyba wiem z kąd się biorą te wiry. Zawsze jak łącze się z internetem to mi
    jakaś stronka wyskakuje z windowsa i w tedy program antywirusowy (avast) wykrywa
    mi wira. Sprubóje jakoś zablokować tą stronke....jak się da.

    Logfile of HijackThis v1.99.1
    Scan saved at 16:09:09, on 2005-06-23
    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\NEOSTR~1\CnxMon.exe
    C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    F:\Nikon\NkView6\NkvMon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
    C:\PROGRA~1\NEOSTR~1\ComComp.exe
    C:\PROGRA~1\NEOSTR~1\Watch.exe
    C:\Program Files\Tlen.pl\tlen.exe
    C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = szukaj.wp.pl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.neostrada.pl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
    C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    c:\program files\google\googletoolbar1.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer -
    {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
    C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
    /autostart
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
    Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
    -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
    Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
    800-840\dslmon.exe
    O8 - Extra context menu item: &Google Search - res://c:\program
    files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program
    files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
    files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program
    files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program
    files\google\GoogleToolbar1.dll/cmtrans.html
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
    67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
    NameServer = 194.204.152.34 217.98.63.164
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
    C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
    C:\WINDOWS\System32\nvsvc32.exe

  • Gość: Kolobos IP: *.warszawa.sdi.tpnet.pl 23.06.05, 18:39
    Jaka stronka? podaj jej adres.
    Miales przeskanowac MS Anti Spyware zrobiles to?
  • Gość: Michał IP: *.neoplus.adsl.tpnet.pl 23.06.05, 18:50
    Ta stronka to :
    file:///C:/Documents%20and%20Settings/aa/%25SYSROOT%25/update-sp5.html
    Sprawdz ją ale pewnie trzeba bedzie ja zablokowac i powiec czego mi ona wyskakuje.
    Tego programu jeszcze niezainstalowałem ale moge go zainstalować....niewystarczy
    mi avast.
  • Gość: Kolobos IP: *.warszawa.sdi.tpnet.pl 23.06.05, 19:06
    Przeciez nie po to Ci podalem zebys nie instalowal! Avast to antyvirus, a
    Antyspyware to antyspyware, to dwie rozne rzeczy masz zainstalowac,
    przeskanowac i usunac co znajdzie.
    A to co podales to nie strona tylko plik na dysku i jest to ten trojan:
    www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43245
    I to on Ci instalowal te wszystkie smiecie.Na stronie masz podane co i gdzie w
    rejestrze oraz na dysku usunac.Usun caly katalog:
    C:/Documents and Settings/aa/%SYSROOT%/

    Do tego przeskanuj system tym:
    housecall.trendmicro.com/housecall/start_corp.asp
    www.windowsecurity.com/trojanscan/
    www.pandasoftware.com/activescan/pol/activescan_principal.htm
  • Gość: Michał IP: *.neoplus.adsl.tpnet.pl 24.06.05, 12:52
    Logfile of HijackThis v1.99.1
    Scan saved at 12:51:41, on 2005-06-24
    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\NEOSTR~1\CnxMon.exe
    C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    F:\Nikon\NkView6\NkvMon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
    C:\PROGRA~1\NEOSTR~1\ComComp.exe
    C:\PROGRA~1\NEOSTR~1\Watch.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = szukaj.wp.pl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.neostrada.pl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
    C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    c:\program files\google\googletoolbar1.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer -
    {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
    C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
    /autostart
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
    Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
    -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
    Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
    800-840\dslmon.exe
    O8 - Extra context menu item: &Google Search - res://c:\program
    files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program
    files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
    files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program
    files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program
    files\google\GoogleToolbar1.dll/cmtrans.html
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
    67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
    NameServer = 194.204.152.34 217.98.63.164
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
    C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
    C:\WINDOWS\System32\nvsvc32.exe

  • Gość: Michał IP: *.neoplus.adsl.tpnet.pl 24.06.05, 14:06
    Zabespieczenie niumożliwiają uruchomienie formatu ActiveX. Jak to odwrucić. Bo
    mi blokuje niekture rzeczy.
  • Gość: Kolobos IP: *.warszawa.sdi.tpnet.pl 24.06.05, 16:11
    IE->Narzedzia->Opcje Internetowe->Zabezpieczenia->Poziom Niestandardowy i tam
    wybierz przy podpisanych activex na monituj, nie podpisane zostaw wylaczone bo
    znowu Ci sie cos zainstaluje ;-)
  • Gość: Michał IP: *.neoplus.adsl.tpnet.pl 04.07.05, 18:09
    Logfile of HijackThis v1.99.1
    Scan saved at 18:08:56, on 2005-07-04
    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\NEOSTR~1\CnxMon.exe
    C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\wuamkop32.exe
    C:\WINDOWS\System32\winssh.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    F:\Nikon\NkView6\NkvMon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
    C:\PROGRA~1\NEOSTR~1\ComComp.exe
    C:\PROGRA~1\NEOSTR~1\Watch.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = szukaj.wp.pl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.neostrada.pl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
    C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    c:\program files\google\googletoolbar1.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer -
    {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar1.dll
    O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program
    Files\YourSiteBar\ysb.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
    C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
    /autostart
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
    Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
    -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Microsoft Update] wuamkop32.exe
    O4 - HKLM\..\Run: [Network Access] winssh.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop32.exe
    O4 - HKLM\..\RunServices: [Network Access] winssh.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
    Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
    800-840\dslmon.exe
    O8 - Extra context menu item: &Google Search - res://c:\program
    files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program
    files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
    files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program
    files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program
    files\google\GoogleToolbar1.dll/cmtrans.html
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
    67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
    NameServer = 194.204.152.34 217.98.63.164
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
    C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
    C:\WINDOWS\System32\nvsvc32.exe

  • Gość: Kolobos IP: *.warszawa.sdi.tpnet.pl 04.07.05, 18:34
    No i co znowu sie zarobaczyles? Wystarczylo pare dni i juz, tak bedziesz
    wklejal co chwile?

    Wpisy kasujesz, pliki usuwasz:
    O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program
    Files\YourSiteBar\ysb.dll (file missing)
    O4 - HKLM\..\Run: [Microsoft Update] wuamkop32.exe
    O4 - HKLM\..\Run: [Network Access] winssh.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop32.exe
    O4 - HKLM\..\RunServices: [Network Access] winssh.exe

    I postaraj sie juz nie psuc znowu.

    Moze to Ci troche pomoze:
    www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D ->
    przeskanuj i wlacz ochrone przegladarki
    www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> wlacz
    ochrone przegladarki
    download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
  • Gość: Michał IP: *.neoplus.adsl.tpnet.pl 04.07.05, 20:38
    SpyBot S&D wykrył mi 47 problemów, mam je usunąć czy podać Ci jakie to są pliki.
    Bo jak klikam na "Napraw zaznaczone problemy" to mi wyskakuje okienko "Masz
    zamiar usunąć zaznaczone wpisy. Czy chcesz kontynuować?
  • Gość: Kolobos IP: *.warszawa.sdi.tpnet.pl 04.07.05, 21:29
    Mozesz usunac nic zlego sie nie stanie.To same ciastka itp dlatego jest ich tak
    duzo.
  • Gość: Michał IP: *.neoplus.adsl.tpnet.pl 05.07.05, 16:05
    Może wiesz skąd mogę ściągnąć spolszczenie do Microsoft AntiSpyware, jak nie to
    może jest jakaś polska stronka gdzie jest wytłumaczone jak obsługiwać się tym
    programem. Jak nic z tych rzeczy niema to powiec mi jak obsługiwać się
    "Real-time Protection". Chodzi mi o to jak włączyć jaką kolwiek ochronę w tym
    programie.
  • Gość: Kolobos IP: *.warszawa.sdi.tpnet.pl 05.07.05, 16:40
    Polskiej wersji jeszcze nie ma, co do spolszczenia to nie wiem ale pewnie tez
    nie ma.Do tego sam nie mam zainstalowanego AntiSpyware wiec Ci nie napisze co i
    jak :(
    Ale pewnie wystarczy nacisnac Enable Real-time Protection.
  • Gość: Michał IP: *.neoplus.adsl.tpnet.pl 08.07.05, 15:36
    Logfile of HijackThis v1.99.1
    Scan saved at 15:35:54, on 2005-07-08
    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\NEOSTR~1\CnxMon.exe
    C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\WINDOWS\System32\wuamkop32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    F:\Nikon\NkView6\NkvMon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
    C:\PROGRA~1\NEOSTR~1\ComComp.exe
    C:\PROGRA~1\NEOSTR~1\Watch.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    szukaj.wp.pl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.neostrada.pl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.neostrada.pl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
    C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file
    missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
    \SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    c:\program files\google\googletoolbar1.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-
    90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
    \NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
    \NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PowerDVD] C:\Program
    Files\CyberLink\PowerDVD\PowerDVD.exe /autostart
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
    Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
    atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
    AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Microsoft Update] wuamkop32.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
    Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
    \dslmon.exe
    O8 - Extra context menu item: &Google Search - res://c:\program
    files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program
    files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
    files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program
    files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program
    files\google\GoogleToolbar1.dll/cmtrans.html
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
    67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
    NameServer = 194.204.152.34 217.98.63.164
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
    C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
    C:\WINDOWS\System32\nvsvc32.exe

  • Gość: Kolobos IP: *.warszawa.sdi.tpnet.pl 08.07.05, 15:51
    No i znowu:
    O4 - HKLM\..\Run: [Microsoft Update] wuamkop32.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop32.exe

    Pliki usun w trybie awaryjnym czy jak tam chcesz.

    Nie bede Ci co chwile sprawdzal loga...
  • Gość: Michał IP: *.neoplus.adsl.tpnet.pl 15.07.05, 20:56
    Logfile of HijackThis v1.99.1
    Scan saved at 20:52:06, on 2005-07-15
    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\NEOSTR~1\CnxMon.exe
    C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\WINDOWS\System32\ctfmon.exe
    F:\Nikon\NkView6\NkvMon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.neostrada.pl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.neostrada.pl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
    C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    c:\program files\google\googletoolbar1.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer -
    {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
    C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
    /autostart
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
    Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
    -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
    Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
    800-840\dslmon.exe
    O8 - Extra context menu item: &Google Search - res://c:\program
    files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program
    files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
    files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program
    files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program
    files\google\GoogleToolbar1.dll/cmtrans.html
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
    67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
    C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
    C:\WINDOWS\System32\nvsvc32.exe

  • Gość: Kolobos IP: *.warszawa.sdi.tpnet.pl 15.07.05, 21:56
    Wyglada ok.
  • Gość: Michał IP: *.neoplus.adsl.tpnet.pl 08.08.05, 11:54
    Logfile of HijackThis v1.99.1
    Scan saved at 11:53:57, on 2005-08-08
    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\NEOSTR~1\CnxMon.exe
    C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    F:\Nikon\NkView6\NkvMon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
    C:\PROGRA~1\NEOSTR~1\ComComp.exe
    C:\PROGRA~1\NEOSTR~1\Watch.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    szukaj.wp.pl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.neostrada.pl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.neostrada.pl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
    C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file
    missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
    \SPYBOT~1\SDHelper.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-
    90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
    \NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
    \NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PowerDVD] C:\Program
    Files\CyberLink\PowerDVD\PowerDVD.exe /autostart
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
    Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
    atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
    AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
    Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
    \dslmon.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
    67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
    NameServer = 194.204.152.34 217.98.63.164
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
    C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
    C:\WINDOWS\System32\nvsvc32.exe

  • Gość: Kolobos IP: *.warszawa.sdi.tpnet.pl 08.08.05, 17:19
    Po co ten log? Jak jest ok to sprawdzaj sam na www.hijackthis.de
  • Gość: kbkaK IP: *.neoplus.adsl.tpnet.pl 08.08.05, 21:31
    Kolobos, ja Cię nie pytam skąd Ty to wszystko wiesz, ja Cię pytam, skąd Ty masz
    tyle cierpliwości.

    ...

    A Michaś ma takie hobby, że wkleja logi
  • Gość: Kolobos IP: *.warszawa.sdi.tpnet.pl 08.08.05, 22:37
    Moja cierpliwosc owocuje poszerzaniem mojej wiedzy, wiec czemu mialbym nie byc
    cierpliwy? :>
  • Gość: Basia IP: 80.51.249.* 09.08.05, 14:12
    Na tym forum mozna zglupiec a nie poszerzac wiedze :)

Popularne wątki

Nie pamiętasz hasła

lub ?

 

Nie masz jeszcze konta? Zarejestruj się

Nakarm Pajacyka