Please check my log, thanks

IP: 80.51.233.* 20.03.05, 17:40
Logfile of HijackThis v1.99.1
Scan saved at 17:39:01, on 2005-03-20
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Save\Save.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Wiadomek\Wiadomek.exe
C:\Program Files\ClockSync\Sync.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search =
c:\searchpage.html#1507
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
c:\searchpage.html#1507
R1 - HKLM\Software\Microsoft\Internet Explorer,Search =
c:\searchpage.html#1507
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\searchpage.html#1507
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
c:\searchpage.html#1507
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
file://C:\WINDOWS\System32/left.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.bankmacieja.com/pages/rotator.php?user=garden54
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
c:\searchpage.html#1507
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
amazingautossearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
c:\searchpage.html#1507
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
c:\searchpage.html#1507
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
c:\searchpage.html#1507
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
c:\searchpage.html#1507
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
c:\searchpage.html#1507
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
c:\searchpage.html#1507
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
searchmyrequest.com/hp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=e:\colins\watch.exe
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} -
C:\WINDOWS\BTGrab.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CBho404 Object - {087173EF-9829-4F49-8340-A524177D3F60} -
C:\WINDOWS\System32\inetp60.dll
O2 - BHO: FeaturedResultsBHO Class - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} -
C:\WINDOWS\System32\msiefr40.dll
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} -
C:\WINDOWS\System32\stlb2.dll (file missing)
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} -
C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: Fun and Games Toolbar - {4E7BD74F-2B8D-469E-C0FF-FD7BA09AAA7D} -
C:\WINDOWS\DOWNLO~1\potwbar.dll
O2 - BHO: (no name) - {61AD6F5B-9630-0A99-875E-63557BA47B6C} -
C:\WINDOWS\System32\qnop.dll (file missing)
O2 - BHO: browsebyte - {83662615-AC03-9B23-07F6-86F0D0865739} - C:\PROGRA~1
\GREATD~1\Vga gpl.dll (file missing)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} -
C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} -
C:\WINDOWS\Downloaded Program Files\bridge.dll (file missing)
O2 - BHO: Curl Class - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} -
C:\WINDOWS\System32\NDrv.dll (file missing)
O2 - BHO: UrlCatcher Class - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} -
C:\WINDOWS\System32\apuc.dll (file missing)
O2 - BHO: TestMyIE2 Class - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} -
C:\WINDOWS\System32\mshelper.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: longbuildanti - {AB33EE07-3FD8-1531-AFC5-C6283FF1E616} -
C:\PROGRA~1\GREATD~1\Vga gpl.dll (file missing)
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} -
C:\WINDOWS\System32\stlb2.dll (file missing)
O3 - Toolbar: Fun and Games Toolbar - {4E7BD74F-2B8D-469E-C0FF-FD7BA09AAA7D} -
C:\WINDOWS\DOWNLO~1\potwbar.dll
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program
Files\bridge.dll",Load
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [New Hope] C:\DOCUME~1\AGNIES~1\DANEAP~1\Binusernurb\pop
type heck.exe
O4 - HKLM\..\Run: [kbsv] C:\WINDOWS\kbsv.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04
\bin\jusched.exe
O4 - HKLM\..\Run: [Windows HTTP SubSystem] C:\WINDOWS\System32\winhttp.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINDOWS\System32
\inetp60.dll,DllRunServer
O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\System32
\msiefr40.dll,DllRunServer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egziwmotqqhs] C:\WINDOWS\System32\sjdysx.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
Network\bin\bargains.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe
E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\He
    • Guest: neder Re: Please check my log, thanks IP: *.neoplus.adsl.tpnet.pl 20.03.05, 17:48
      Paste the rest of the log, because it didn't all fit.


      Regards.
    • Guest: agnieszka Re: Please check my log, thanks IP: 80.51.233.* 20.03.05, 17:51
      Oops, you're right, sorry.
      • Guest: agnieszka Re: Please check my log, thanks IP: 80.51.233.* 20.03.05, 17:52
        O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
        Files\HP\hpcoretech\hpcmpmgr.exe"
        O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Thru] C:\Documents and Settings\Agnieszka\Dane
        aplikacji\wihe.exe
        O4 - HKCU\..\Run: [SlackerElves] C:\Program Files\ScreenMates\elves.exe
        O4 - HKCU\..\Run: [Yzb] C:\WINDOWS\System32\hubgl.exe
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
        O4 - HKCU\..\Run: [Skype] "C:\Program
        Files\Skype\Phone\Skype.exe" /nosplash /minimized
        O4 - HKCU\..\Run: [wiadomek] C:\Program Files\Wiadomek\Wiadomek.exe
        O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
        O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office10\OSA.EXE
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O8 - Extra context menu item: Web Rebates - file://C:\Program
        Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\WINDOWS\System32\msjava.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
        00401C608501} - C:\WINDOWS\System32\msjava.dll
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
        00aa003c157a} - C:\WINDOWS\web\related.htm
        O13 - DefaultPrefix: c:\searchpage.html?page=
        O13 - WWW Prefix: c:\searchpage.html?page=
        O13 - Home Prefix: c:\searchpage.html?page=
        O13 - Mosaic Prefix: c:\searchpage.html?page=
        O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} -
        www.lyricsdomain.com/download.mp3.exe
        O16 - DPF: {4E7BD74F-2B8D-469E-C0FF-FD7BA09AAA7D} (Fun and Games Toolbar) -
        toolbar.pickoftheweb.com/potwbar.cab
        O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) -
        www2.flingstone.com/cab/2000XP/ClickYesToContinue/bridge.cab
        O16 - DPF: {A67BA5E3-5B79-11D6-A711-00C12601EADE} -
        www.huzio.friko.pl/AGA_16_Rozdziewiczenie.exe
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} -
        www.accessoveloce.com/webline/x/wmdsex218x.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1
        \Grisoft\AVGFRE~1\avgupsvc.exe

        • Guest: Kolobos Re: Please check my log, thanks IP: *.warszawa.sdi.tpnet.pl 20.03.05, 18:06
          A lot of junk, but that's how it is when you visit porn sites; afterwards
          there's plenty of stuff like this:
          O16 - DPF: {A67BA5E3-5B79-11D6-A711-00C12601EADE} -
          www.huzio.friko.pl/AGA_16_Rozdziewiczenie.exe

          Download these and scan the system with them:
          CWS Shredder cwshredder.net/bin/CWShredder.exe
          Ad-Aware www.lavasoftusa.com/software/adaware/
          SpyBot S&D security.kolla.de/
          SpywareBlaster www.javacoolsoftware.com/spywareblaster.html

          And once you've scanned with all of them, paste a new log.
          • Guest: neder Re: Please check my log, thanks IP: *.neoplus.adsl.tpnet.pl 20.03.05, 18:14
            Portal guest: Kolobos wrote:

            > A lot of junk, but that's how it is when you visit porn sites; afterwards
            > there's plenty of stuff like this:


            That, plus from what I can see there's no firewall.


            The next log will also be a bit cleaner and clearer if you use
            Add/Remove Programs to uninstall everything named Search (bar, etc.).
            • Guest: neder Re: Please check my log, thanks IP: *.neoplus.adsl.tpnet.pl 20.03.05, 18:18
              Portal guest: neder wrote:

              > That, plus from what I can see there's no firewall.



              But on the other hand there are 2 antivirus programs - that can't stay that way - uninstall one of them (I'd suggest removing AVG and
              keeping avast - it's better).
    • Guest: agnieszka Re: Please check my log, thanks IP: 80.51.233.* 20.03.05, 19:41
      Logfile of HijackThis v1.99.1
      Scan saved at 19:40:27, on 2005-03-20
      Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\PROGRA~1\Save\Save.exe
      C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Wiadomek\Wiadomek.exe
      C:\Program Files\Tlen.pl\tlen.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      E:\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html#1507
      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
      c:\searchpage.html#1507
      R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html#1507
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      c:\searchpage.html#1507
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      c:\searchpage.html#1507
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      file://C:\WINDOWS\System32/left.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
      red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.bankmacieja.com/pages/rotator.php?user=garden54
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      c:\searchpage.html#1507
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
      amazingautossearch.com/searchbar.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
      c:\searchpage.html#1507
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      c:\searchpage.html#1507
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      c:\searchpage.html#1507
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      c:\searchpage.html#1507
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      c:\searchpage.html#1507
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      c:\searchpage.html#1507
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
      red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      F3 - REG:win.ini: load=e:\colins\watch.exe
      F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
      O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} -
      C:\WINDOWS\BTGrab.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: CBho404 Object - {087173EF-9829-4F49-8340-A524177D3F60} -
      C:\WINDOWS\System32\inetp60.dll
      O2 - BHO: FeaturedResultsBHO Class - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} -
      C:\WINDOWS\System32\msiefr40.dll
      O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} -
      C:\WINDOWS\System32\stlb2.dll (file missing)
      O2 - BHO: Fun and Games Toolbar - {4E7BD74F-2B8D-469E-C0FF-FD7BA09AAA7D} -
      C:\WINDOWS\DOWNLO~1\potwbar.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
      Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: (no name) - {61AD6F5B-9630-0A99-875E-63557BA47B6C} -
      C:\WINDOWS\System32\qnop.dll (file missing)
      O2 - BHO: browsebyte - {83662615-AC03-9B23-07F6-86F0D0865739} - C:\PROGRA~1
      \GREATD~1\Vga gpl.dll (file missing)
      O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} -
      C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
      O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} -
      C:\WINDOWS\Downloaded Program Files\bridge.dll (file missing)
      O2 - BHO: Curl Class - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} -
      C:\WINDOWS\System32\NDrv.dll (file missing)
      O2 - BHO: UrlCatcher Class - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} -
      C:\WINDOWS\System32\apuc.dll (file missing)
      O2 - BHO: TestMyIE2 Class - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - (no file)
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
      C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: longbuildanti - {AB33EE07-3FD8-1531-AFC5-C6283FF1E616} -
      C:\PROGRA~1\GREATD~1\Vga gpl.dll (file missing)
      O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} -
      C:\WINDOWS\System32\stlb2.dll (file missing)
      O3 - Toolbar: Fun and Games Toolbar - {4E7BD74F-2B8D-469E-C0FF-FD7BA09AAA7D} -
      C:\WINDOWS\DOWNLO~1\potwbar.dll
      O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital
      Imaging\bin\hpotdd01.exe
      O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program
      Files\bridge.dll",Load
      O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
      O4 - HKLM\..\Run: [New Hope] C:\DOCUME~1\AGNIES~1\DANEAP~1\Binusernurb\pop type
      heck.exe
      O4 - HKLM\..\Run: [kbsv] C:\WINDOWS\kbsv.exe
      O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
      O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04
      \bin\jusched.exe
      O4 - HKLM\..\Run: [Windows HTTP SubSystem] C:\WINDOWS\System32\winhttp.exe
      O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
      O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINDOWS\System32
      \inetp60.dll,DllRunServer
      O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\System32
      \msiefr40.dll,DllRunServer
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
      Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [egziwmotqqhs] C:\WINDOWS\System32\sjdysx.exe
      O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
      O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
      Network\bin\bargains.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
      O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe
      E6F1873B.DLL,D9EBC318C
      O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
      \spool\drivers\w32x86\3\hpztsb09.exe
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP
      Software Update\HPWuSchd.exe"
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
      Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Thru] C:\Documents and Settings\Agnieszka\Dane
      aplikacji\wihe.exe
      O4 - HKCU\..\Run: [SlackerElves] C
      • Guest: agnieszka Re: Please check my log, thanks IP: 80.51.233.* 20.03.05, 19:43
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
        O4 - HKCU\..\Run: [Skype] "C:\Program
        Files\Skype\Phone\Skype.exe" /nosplash /minimized
        O4 - HKCU\..\Run: [wiadomek] C:\Program Files\Wiadomek\Wiadomek.exe
        O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office10\OSA.EXE
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O8 - Extra context menu item: Web Rebates - file://C:\Program
        Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\WINDOWS\System32\msjava.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
        00401C608501} - C:\WINDOWS\System32\msjava.dll
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
        00aa003c157a} - C:\WINDOWS\web\related.htm
        O13 - DefaultPrefix: c:\searchpage.html?page=
        O13 - WWW Prefix: c:\searchpage.html?page=
        O13 - Home Prefix: c:\searchpage.html?page=
        O13 - Mosaic Prefix: c:\searchpage.html?page=
        O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} -
        www.lyricsdomain.com/download.mp3.exe
        O16 - DPF: {4E7BD74F-2B8D-469E-C0FF-FD7BA09AAA7D} (Fun and Games Toolbar) -
        toolbar.pickoftheweb.com/potwbar.cab
        O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) -
        www2.flingstone.com/cab/2000XP/ClickYesToContinue/bridge.cab
        O16 - DPF: {A67BA5E3-5B79-11D6-A711-00C12601EADE} -
        www.huzio.friko.pl/AGA_16_Rozdziewiczenie.exe
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} -
        www.accessoveloce.com/webline/x/wmdsex218x.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashWebSv.exe" /service (file missing)

        • Guest: Kolobos Re: please check my log, thanks IP: *.warszawa.sdi.tpnet.pl 20.03.05, 20:36
          Run HijackThis, choose scan only, and check these entries:

          R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html#1507
          R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
          c:\searchpage.html#1507
          R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html#1507
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
          c:\searchpage.html#1507
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
          c:\searchpage.html#1507
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
          file://C:\WINDOWS\System32/left.html
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
          red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*www.yahoo.com
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          www.bankmacieja.com/pages/rotator.php?user=garden54
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
          c:\searchpage.html#1507
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
          amazingautossearch.com/searchbar.html
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
          c:\searchpage.html#1507
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
          c:\searchpage.html#1507
          R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          c:\searchpage.html#1507
          R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          c:\searchpage.html#1507
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
          R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
          red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*www.yahoo.com
          F3 - REG:win.ini: load=e:\colins\watch.exe
          F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
          O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} -
          C:\WINDOWS\BTGrab.dll
          O2 - BHO: CBho404 Object - {087173EF-9829-4F49-8340-A524177D3F60} -
          C:\WINDOWS\System32\inetp60.dll
          O2 - BHO: FeaturedResultsBHO Class - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} -
          C:\WINDOWS\System32\msiefr40.dll
          O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} -
          C:\WINDOWS\System32\stlb2.dll (file missing)
          O2 - BHO: Fun and Games Toolbar - {4E7BD74F-2B8D-469E-C0FF-FD7BA09AAA7D} -
          C:\WINDOWS\DOWNLO~1\potwbar.dll
          O2 - BHO: (no name) - {61AD6F5B-9630-0A99-875E-63557BA47B6C} -
          C:\WINDOWS\System32\qnop.dll (file missing)
          O2 - BHO: browsebyte - {83662615-AC03-9B23-07F6-86F0D0865739} - C:\PROGRA~1
          \GREATD~1\Vga gpl.dll (file missing)
          O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} -
          C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
          O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} -
          C:\WINDOWS\Downloaded Program Files\bridge.dll (file missing)
          O2 - BHO: Curl Class - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} -
          C:\WINDOWS\System32\NDrv.dll (file missing)
          O2 - BHO: UrlCatcher Class - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} -
          C:\WINDOWS\System32\apuc.dll (file missing)
          O2 - BHO: TestMyIE2 Class - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - (no file)
          O3 - Toolbar: longbuildanti - {AB33EE07-3FD8-1531-AFC5-C6283FF1E616} -
          C:\PROGRA~1\GREATD~1\Vga gpl.dll (file missing)
          O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} -
          C:\WINDOWS\System32\stlb2.dll (file missing)
          O3 - Toolbar: Fun and Games Toolbar - {4E7BD74F-2B8D-469E-C0FF-FD7BA09AAA7D} -
          C:\WINDOWS\DOWNLO~1\potwbar.dll
          O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program
          Files\bridge.dll",Load
          O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
          O4 - HKLM\..\Run: [New Hope] C:\DOCUME~1\AGNIES~1\DANEAP~1\Binusernurb\pop type
          heck.exe
          O4 - HKLM\..\Run: [kbsv] C:\WINDOWS\kbsv.exe
          O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
          O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04
          \bin\jusched.exe
          O4 - HKLM\..\Run: [Windows HTTP SubSystem] C:\WINDOWS\System32\winhttp.exe
          O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
          O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINDOWS\System32
          \inetp60.dll,DllRunServer
          O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\System32
          \msiefr40.dll,DllRunServer
          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
          Files\Real\Update_OB\realsched.exe" -osboot
          O4 - HKLM\..\Run: [egziwmotqqhs] C:\WINDOWS\System32\sjdysx.exe
          O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
          O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
          Network\bin\bargains.exe
          O4 - HKLM\..\Run: [WebRebates0] "C:\Program
          Files\Web_Rebates\WebRebates0.exe"
          O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe
          6F1873B.DLL,D9EBC318C
          O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
          O4 - HKCU\..\Run: [Thru] C:\Documents and Settings\Agnieszka\Dane
          aplikacji\wihe.exe
          O4 - HKCU\..\Run: [SlackerElves] C
          O4 - HKCU\..\Run: [wiadomek] C:\Program Files\Wiadomek\Wiadomek.exe
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
          Office\Office10\OSA.EXE
          O8 - Extra context menu item: Web Rebates - file://C:\Program
          Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
          C:\WINDOWS\System32\msjava.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
          00401C608501} - C:\WINDOWS\System32\msjava.dll
          O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
          C:\WINDOWS\web\related.htm
          O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
          00aa003c157a} - C:\WINDOWS\web\related.htm
          O13 - DefaultPrefix: c:\searchpage.html?page=
          O13 - WWW Prefix: c:\searchpage.html?page=
          O13 - Home Prefix: c:\searchpage.html?page=
          O13 - Mosaic Prefix: c:\searchpage.html?page=
          O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} -
          www.lyricsdomain.com/download.mp3.exe
          O16 - DPF: {4E7BD74F-2B8D-469E-C0FF-FD7BA09AAA7D} (Fun and Games Toolbar) -
          toolbar.pickoftheweb.com/potwbar.cab
          O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) -
          ww2.flingstone.com/cab/2000XP/ClickYesToContinue/bridge.cab
          O16 - DPF: {A67BA5E3-5B79-11D6-A711-00C12601EADE} -
          www.huzio.friko.pl/AGA_16_Rozdziewiczenie.exe
          O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} -
          www.accessoveloce.com/webline/x/wmdsex218x.exe
          O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashMaiSv.exe" /service (file missing)
          O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashWebSv.exe" /service (file missing)

          And click Fix Checked, then restart the computer and paste a new log.
          I haven't seen such a garbage dump in a long time; this isn't a computer
          but a spyware breeding ground ;-)

          In the future I advise against visiting "bad" sites, erotic ones etc.; it's best
          to switch your browser to Firefox, nothing installs itself there.
    • Guest: agnieszka Re: please check my log, thanks IP: 80.51.233.* 20.03.05, 21:05
      thank you very much for the help, and it's all the fault of leaving my
      brother on his own ...

      Logfile of HijackThis v1.99.1
      Scan saved at 21:03:49, on 2005-03-20
      Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Wiadomek\Wiadomek.exe
      C:\Program Files\Tlen.pl\tlen.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      E:\HijackThis.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\Program Files\Alwil Software\Avast4\setup\avast.setup

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
      Files\Spybot - Search & Destroy\SDHelper.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
      C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital
      Imaging\bin\hpotdd01.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
      \spool\drivers\w32x86\3\hpztsb09.exe
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP
      Software Update\HPWuSchd.exe"
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
      Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Thru] C:\Documents and Settings\Agnieszka\Dane
      aplikacji\wihe.exe
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
      O4 - HKCU\..\Run: [Skype] "C:\Program
      Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [wiadomek] C:\Program Files\Wiadomek\Wiadomek.exe
      O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
      O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
      res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
      skaner.mks.com.pl/SkanerOnline.cab
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashServ.exe

      • Guest: Kolobos Re: please check my log, thanks IP: *.warszawa.sdi.tpnet.pl 20.03.05, 21:16
        The only thing left is this:
        O4 - HKCU\..\Run: [Thru] C:\Documents and Settings\Agnieszka\Dane
        aplikacji\wihe.exe

        If it comes back after a restart, download KillBox
        www.downloads.subratam.org/KillBox.zip
        select this file or paste the path into the program:
        C:\Documents and Settings\Agnieszka\Dane aplikacji\wihe.exe
        And choose deletion on reboot.

        Remember to scan every so often with these programs:
        CWS Shredder cwshredder.net/bin/CWShredder.exe
        Ad-Aware www.lavasoftusa.com/software/adaware/
        SpyBot S&D security.kolla.de/ <- in this one, turn on protection against worms
        SpywareBlaster www.javacoolsoftware.com/spywareblaster.html <- likewise here,
        browser protection

        Also think about installing a firewall, because you probably don't have one.

        Oh, and never let your brother touch the computer again! ;-)
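The before/after comparison made in this thread (entries flagged for Fix Checked versus the follow-up scan), as an added Python example that is not part of the original posts or of HijackThis itself. The function names and the sample strings are assumptions, constructed from lines on this page.

```python
import re

# HijackThis entries start with a section code such as R1, F2, O4 or O23.
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

def parse_entries(log_text):
    """Return the log's entries, re-joining lines that the forum wrapped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:
            # Continuation line. A fragment starting with a backslash, or one
            # following a mid-GUID hyphen, was split without a space.
            prev = entries[-1]
            tight = line.startswith("\\") or re.search(r"[0-9A-Fa-f]-$", prev)
            entries[-1] = prev + ("" if tight else " ") + line
    return entries

def normalize(entry):
    """Case-fold and collapse whitespace so wrapped and unwrapped forms match."""
    return " ".join(entry.lower().split())

def still_present(flagged_text, rescan_text):
    """Flagged entries that show up again in the follow-up scan."""
    after = {normalize(e) for e in parse_entries(rescan_text)}
    return [e for e in parse_entries(flagged_text) if normalize(e) in after]

# Constructed sample: entries copied from this thread's two logs, forum-wrapped.
FLAGGED = r"""
O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINDOWS\System32
\inetp60.dll,DllRunServer
O4 - HKCU\..\Run: [Thru] C:\Documents and Settings\Agnieszka\Dane
aplikacji\wihe.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\WINDOWS\System32\msjava.dll
O13 - WWW Prefix: c:\searchpage.html?page=
"""
RESCAN = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Thru] C:\Documents and Settings\Agnieszka\Dane
aplikacji\wihe.exe
"""

if __name__ == "__main__":
    print(*still_present(FLAGGED, RESCAN), sep="\n")
```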
        • Guest: agnieszka Re: please check my log, thanks IP: 80.51.233.* 20.03.05, 21:18
          I really don't know how to thank you
          but someone will surely reward you for it
          brother - a padlock on the computer when I'm not around, ok
          only I don't know how to install that firewall, "how does one even go about it?"
          • Guest: Kolobos Re: please check my log, thanks IP: *.warszawa.sdi.tpnet.pl 20.03.05, 21:29
            ZoneAlarm ->
            download.zonelabs.com/bin/free/1012_zl/zlsSetup_55_062_011.exe
            After installation you need to go into the properties and set the slider for
            applications to learning mode, because otherwise windows will keep popping up
            saying that something wants to access the internet; in general, if you know
            English you'll manage to set everything up the way you want :-)
            And if it's set up badly it will block things you need, so it's worth
            taking a moment to look through the configuration options.

            Or Kerio
            www.kerio.com/us/kpf_home.html
            Polish localization:
            www.kerio.tk/
            I don't use that one myself, so I don't know the ins and outs.
