Dodaj do ulubionych

Prosze o sprawdzenie loga z HiJackThis

IP: *.neoplus.adsl.tpnet.pl 15.06.05, 08:33
Logfile of HijackThis v1.99.1
Scan saved at 08:33:01, on 2005-06-15
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\rpcclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
F:\Nikon\NkView6\NkvMon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.neostrada.pl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-
90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PowerDVD] C:\Program
Files\CyberLink\PowerDVD\PowerDVD.exe /autostart
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common
files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
Optimizer\optimize.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
\dslmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program
files\google\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-
B92435320F69}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Procedure Call (RPC) Client (RpcClient) - Unknown
owner - C:\WINDOWS\System32\rpcclient.exe

Obserwuj wątek
    • Gość: Kolobos Re: Prosze o sprawdzenie loga z HiJackThis IP: *.warszawa.sdi.tpnet.pl 15.06.05, 13:24
      Po co zakladasz drugi watek? Nawet nie zrobiles tego co Ci wczesniej napisalem!
      Wiec poczytaj jeszcze raz:
      forum.gazeta.pl/forum/72,2.html?f=430&w=25208866&a=25210876
      Jak dalej bedzie to samo to przeczytaj jeszcze raz i jeszcze az zrobisz to co
      napisalem...

      + to:
      O23 - Service: Remote Procedure Call (RPC) Client (RpcClient) - Unknown owner -
      C:\WINDOWS\System32\rpcclient.exe

      Mozesz tez usunac aplikacje od neostrady jak chcesz:
      forum.gazeta.pl/forum/72,2.html?f=34&w=15679891&a=15680440
      Nie jest ona do niczego potrzebna.
      • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 17.06.05, 17:24
        Logfile of HijackThis v1.99.1
        Scan saved at 17:21:59, on 2005-06-17
        Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\SYSTEM32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\LEXBCES.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\LEXPPS.EXE
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\PROGRA~1\NEOSTR~1\CnxMon.exe
        C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\WINDOWS\System32\ctfmon.exe
        F:\Nikon\NkView6\NkvMon.exe
        C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
        C:\PROGRA~1\NEOSTR~1\ComComp.exe
        C:\PROGRA~1\NEOSTR~1\Watch.exe
        C:\Program Files\Tlen.pl\tlen.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\WINDOWS\System32\netddeclnt.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = szukaj.wp.pl
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.neostrada.pl
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
        C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
        c:\program files\google\googletoolbar1.dll
        O2 - BHO: FlashFXP Helper for Internet Explorer -
        {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
        files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
        C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
        /autostart
        O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
        Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
        O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
        O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
        -atboottime
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
        Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common
        files\SearchUpgrader\SearchUpgrader.exe
        O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
        Optimizer\optimize.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
        Files\InterVideo\Common\Bin\WinCinemaMgr.exe
        O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office\OSA9.EXE
        O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
        800-840\dslmon.exe
        O8 - Extra context menu item: &Google Search - res://c:\program
        files\google\GoogleToolbar1.dll/cmsearch.html
        O8 - Extra context menu item: Backward Links - res://c:\program
        files\google\GoogleToolbar1.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
        files\google\GoogleToolbar1.dll/cmcache.html
        O8 - Extra context menu item: Similar Pages - res://c:\program
        files\google\GoogleToolbar1.dll/cmsimilar.html
        O8 - Extra context menu item: Translate into English - res://c:\program
        files\google\GoogleToolbar1.dll/cmtrans.html
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
        software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
        O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
        67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
        NameServer = 194.204.152.34 217.98.63.164
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
        C:\WINDOWS\system32\LEXBCES.EXE
        O23 - Service: Network DDE Client (NetDDEclnt) - Unknown owner -
        C:\WINDOWS\System32\netddeclnt.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
        C:\WINDOWS\System32\nvsvc32.exe

          • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 17.06.05, 19:23
            Po usunięciu tego:
            O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common
            files\SearchUpgrader\SearchUpgrader.exe
            O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
            Optimizer\optimize.exe
            Niemogłem znaleść tego:
            C:\Program Files\Internet Optimizer\
            C:\Program Files\Common files\SearchUpgrader\
            czy wysłać Ci jeszcze jednego loga.
            i jagbyś mógł to poleć mi jakiś proglam który mi dokładnie przeskanuje komputer.



              • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 18.06.05, 09:45
                Prosze sprawdz teras czy coś jest....
                Logfile of HijackThis v1.99.1
                Scan saved at 09:44:55, on 2005-06-18
                Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
                MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\SYSTEM32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\Explorer.EXE
                C:\WINDOWS\system32\LEXBCES.EXE
                C:\WINDOWS\system32\LEXPPS.EXE
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                C:\Program Files\Alwil Software\Avast4\ashServ.exe
                C:\WINDOWS\System32\netddeclnt.exe
                C:\WINDOWS\System32\nvsvc32.exe
                C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                C:\Program Files\QuickTime\qttask.exe
                C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                C:\WINDOWS\System32\ctfmon.exe
                C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                F:\Nikon\NkView6\NkvMon.exe
                C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
                C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                C:\WINDOWS\System32\svchost.exe
                C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
                C:\PROGRA~1\NEOSTR~1\ComComp.exe
                C:\PROGRA~1\NEOSTR~1\Watch.exe
                C:\Program Files\Mozilla Firefox\firefox.exe
                C:\WINDOWS\System32\wuauclt.exe
                C:\Program Files\Gadu-Gadu\gg.exe
                C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                www.neostrada.pl
                R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
                C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
                c:\program files\google\googletoolbar1.dll
                O2 - BHO: FlashFXP Helper for Internet Explorer -
                {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
                O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                C:\WINDOWS\System32\msdxm.ocx
                O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
                files\google\googletoolbar1.dll
                O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
                C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
                O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
                /autostart
                O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
                Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
                O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
                O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
                -atboottime
                O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                Files\Real\Update_OB\realsched.exe" -osboot
                O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
                Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
                O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                Office\Office\OSA9.EXE
                O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
                800-840\dslmon.exe
                O8 - Extra context menu item: &Google Search - res://c:\program
                files\google\GoogleToolbar1.dll/cmsearch.html
                O8 - Extra context menu item: Backward Links - res://c:\program
                files\google\GoogleToolbar1.dll/cmbacklinks.html
                O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
                files\google\GoogleToolbar1.dll/cmcache.html
                O8 - Extra context menu item: Similar Pages - res://c:\program
                files\google\GoogleToolbar1.dll/cmsimilar.html
                O8 - Extra context menu item: Translate into English - res://c:\program
                files\google\GoogleToolbar1.dll/cmtrans.html
                O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
                software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
                O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
                67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
                O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
                NameServer = 194.204.152.34 217.98.63.164
                O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                Software\Avast4\ashServ.exe
                O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                Software\Avast4\ashMaiSv.exe" /service (file missing)
                O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                Software\Avast4\ashWebSv.exe" /service (file missing)
                O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
                C:\WINDOWS\system32\LEXBCES.EXE
                O23 - Service: Network DDE Client (NetDDEclnt) - Unknown owner -
                C:\WINDOWS\System32\netddeclnt.exe
                O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
                C:\WINDOWS\System32\nvsvc32.exe

                  • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 23.06.05, 13:38
                    Logfile of HijackThis v1.99.1
                    Scan saved at 13:36:17, on 2005-06-23
                    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\SYSTEM32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\WINDOWS\system32\LEXBCES.EXE
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\WINDOWS\system32\LEXPPS.EXE
                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                    C:\Program Files\Alwil Software\Avast4\ashServ.exe
                    C:\WINDOWS\System32\netddeclnt.exe
                    C:\WINDOWS\System32\nvsvc32.exe
                    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                    C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                    C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                    C:\Program Files\QuickTime\qttask.exe
                    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                    C:\WINDOWS\System32\nbthlp.exe
                    C:\WINDOWS\System32\ctfmon.exe
                    C:\WINDOWS\System32\phqghum.EXE
                    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                    F:\Nikon\NkView6\NkvMon.exe
                    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                    C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
                    C:\PROGRA~1\NEOSTR~1\ComComp.exe
                    C:\PROGRA~1\NEOSTR~1\Watch.exe
                    C:\Program Files\Gadu-Gadu\gg.exe
                    C:\WINDOWS\System32\wuauclt.exe
                    C:\WINDOWS\System32\wuauclt.exe
                    C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                    www.neostrada.pl
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
                    C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
                    O1 - Hosts: 204.9.190.180 onlineaccounts2.abbeynational.co.uk
                    O1 - Hosts: 204.9.190.180 www3.aibgbonline.co.uk
                    O1 - Hosts: 204.9.190.180 www.bank.alliance-leicester.co.uk
                    O1 - Hosts: 204.9.190.180 login.iblogin.com
                    O1 - Hosts: 204.9.190.180 ww2.bankofscotlandhalifax-online.co.uk
                    O1 - Hosts: 204.9.190.180 inet.barclays.co.uk
                    O1 - Hosts: 204.9.190.180 iibank.barclays.co.uk
                    O1 - Hosts: 204.9.190.180 iibank.cahoot.com
                    O1 - Hosts: 204.9.190.180 www3.coventrybuildingsociety.co.uk
                    O1 - Hosts: 204.9.190.180 ww.hsbc.co.uk
                    O1 - Hosts: 204.9.190.180 login.ebank.offshore.hsbc.co.je
                    O1 - Hosts: 204.9.190.180 ww3.online-offshore.lloydstsb.com
                    O1 - Hosts: 204.9.190.180 ww3.online-business.lloydstsb.co.uk
                    O1 - Hosts: 204.9.190.180 ww3.online.lloydstsb.co.uk
                    O1 - Hosts: 204.9.190.180 ob2.nationet.com
                    O1 - Hosts: 204.9.190.180 ww3.onlinebanking.natwestoffshore.com
                    O1 - Hosts: 204.9.190.180 ww1.nwolb.com
                    O1 - Hosts: 204.9.190.180 ww1.onlinebanking.iombank.com
                    O1 - Hosts: 204.9.190.180 ww1.www.rbsdigital.com
                    O1 - Hosts: 204.9.190.180 welcome.smile.co.uk
                    O1 - Hosts: 204.9.190.180 login.365online.com
                    O1 - Hosts: 204.9.190.180 wvw.citizensbankonline.com
                    O1 - Hosts: 204.9.190.180 esecure.regionsnet.com
                    O1 - Hosts: 204.9.190.180 rollb.associatedbank.com
                    O1 - Hosts: 204.9.190.180 upb.unionplanters.com
                    O1 - Hosts: 204.9.190.180 www.onlinebanking.huntington.com
                    O1 - Hosts: 204.9.190.180 inet.southtrustonlinebanking.com
                    O1 - Hosts: 204.9.190.180 logon.personal.wamu.com
                    O1 - Hosts: 204.9.190.180 login.compassweb.com
                    O1 - Hosts: 204.9.190.180 logon.firstmeritib.com
                    O1 - Hosts: 204.9.190.180 login.ccfcuonline.org
                    O1 - Hosts: 204.9.190.180 ww3.etimebanker.bankofthewest.com
                    O1 - Hosts: 204.9.190.180 www.onlinebanking.lasallebank.com
                    O1 - Hosts: 204.9.190.180 wvw.totallyfreebanking.com
                    O1 - Hosts: 204.9.190.180 www.online.wellsfargo.com
                    O1 - Hosts: 204.9.190.180 ww2.onlinebanking.bankofoklahoma.com
                    O1 - Hosts: 204.9.190.180 accounts4.keybank.com
                    O1 - Hosts: 204.9.190.180 logon.bankone.com
                    O1 - Hosts: 204.9.190.180 www.secure.tdbanknorth.com
                    O1 - Hosts: 204.9.190.180 www.secure.mvnt4.com
                    O1 - Hosts: 204.9.190.180 ww.mynfbonline.com
                    O1 - Hosts: 204.9.190.180 login.forumcuonline.com
                    O1 - Hosts: 204.9.190.180 www.eds.usersonlnet.com
                    O1 - Hosts: 204.9.190.180 www.onlineid.bankofamerica.com
                    O1 - Hosts: 204.9.190.180 wvw.e-gold.com
                    O1 - Hosts: 204.9.190.180 pcbs.peoples.com
                    O1 - Hosts: 204.9.190.180 www.global1.onlinebank.com
                    O1 - Hosts: 204.9.190.180 ww2.mybranch.lafcu.com
                    O1 - Hosts: 204.9.190.180 login.webbanking.comerica.com
                    O1 - Hosts: 204.9.190.180 web.banking.firsttennessee.com
                    O1 - Hosts: 204.9.190.180 logon.members1st.org
                    O1 - Hosts: 204.9.190.180 www.cib.ibanking-services.com
                    O1 - Hosts: 204.9.190.180 www.miwebbusbank.ebanking-services.com
                    O1 - Hosts: 204.9.190.180 wvw.paypal.com
                    O1 - Hosts: 204.9.190.180 www.signin.ebay.com
                    O1 - Hosts: 204.9.190.180 www.bvi.bancodevalencia.es
                    O1 - Hosts: 204.9.190.180 extrant.banesto.es
                    O1 - Hosts: 204.9.190.180 banesnt.banesto.es
                    O1 - Hosts: 204.9.190.180 activia.caixagalicia.es
                    O1 - Hosts: 204.9.190.180 www.bancae.caixapenedes.com
                    O1 - Hosts: 204.9.190.180 login.caixasabadell.net
                    O1 - Hosts: 204.9.190.180 oii.cajamadrid.es
                    O1 - Hosts: 204.9.190.180 login.cajamar.es
                    O1 - Hosts: 204.9.190.180 login.ccm.es
                    O1 - Hosts: 204.9.190.180 ww.unicaja.es
                    O1 - Hosts: 204.9.190.180 ww.bayernlb.de
                    O1 - Hosts: 204.9.190.180 ww2.berliner-volksbank.de
                    O1 - Hosts: 204.9.190.180 ww7.homebanking-berlin.de
                    O1 - Hosts: 204.9.190.180 portal09.commerzbanking.de
                    O1 - Hosts: 204.9.190.180 www.onlinebanking.huntington.com
                    O1 - Hosts: 204.9.190.180 www.meine.deutsche-bank.de
                    O1 - Hosts: 204.9.190.180 ww2.dresdner-privat.de
                    O1 - Hosts: 204.9.190.180 ww.e-banking.helaba.de
                    O1 - Hosts: 204.9.190.180 ww.hsh-nordbank.de
                    O1 - Hosts: 204.9.190.180 www.my.hypovereinsbank.de
                    O1 - Hosts: 204.9.190.180 ww3.homebanking-berlin.de
                    O1 - Hosts: 204.9.190.180 www.banking.lbbw.de
                    O1 - Hosts: 204.9.190.180 lrp.sparkasse-banking.de
                    O1 - Hosts: 204.9.190.180 ww3.homebanking-niedersachsen.de
                    O1 - Hosts: 204.9.190.180 www.onlinebanking.norisbank.de
                    O1 - Hosts: 204.9.190.180 www.banking.postbank.de
                    O1 - Hosts: 204.9.190.180 ww.bics.fr
                    O1 - Hosts: 204.9.190.180 www.co.caixabank.fr
                    O1 - Hosts: 204.9.190.180 ww.creditmutuel.fr
                    O1 - Hosts: 204.9.190.180 internetbank.intesabci.it
                    O1 - Hosts: 204.9.190.180 ww.extensive.bancalombarda.it
                    O1 - Hosts: 204.9.190.180 wvw.csebanking.it
                    O1 - Hosts: 204.9.190.180 www.mybank.bybank.it
                    O1 - Hosts: 204.9.190.180 ww.isideonline.it
                    O1 - Hosts: 204.9.190.180 ww3.sella.it
                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
                    c:\program files\google\googletoolbar1.dll
                    O2 - BHO: FlashFXP Helper for Internet Explorer -
                    {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                    C:\WINDOWS\System32\msdxm.ocx
                    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
                    files\google\googletoolbar1.dll
                    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
                    C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
                    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                    O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
                    /autostart
                    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
                    Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
                    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
                    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\tas
                    • Gość: Kolobos Re: Prosze o sprawdzenie loga z HiJackThis IP: *.warszawa.sdi.tpnet.pl 23.06.05, 13:48
                      Chwila i znowu syf? Po co mam Ci pomagac skoro nie umiesz korzystac z internetu?

                      Usun wszystkie O1 i wklej nowy log, zainstaluj:
                      www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D ->
                      przeskanuj i wlacz ochrone przegladarki
                      www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> wlacz
                      ochrone przegladarki
                      download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
                      • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 23.06.05, 14:01
                        Logfile of HijackThis v1.99.1
                        Scan saved at 14:01:33, on 2005-06-23
                        Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
                        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\SYSTEM32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\Explorer.EXE
                        C:\WINDOWS\system32\LEXBCES.EXE
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\WINDOWS\system32\LEXPPS.EXE
                        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                        C:\Program Files\Alwil Software\Avast4\ashServ.exe
                        C:\WINDOWS\System32\netddeclnt.exe
                        C:\WINDOWS\System32\nvsvc32.exe
                        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                        C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                        C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                        C:\Program Files\QuickTime\qttask.exe
                        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                        C:\WINDOWS\System32\nbthlp.exe
                        C:\WINDOWS\System32\ctfmon.exe
                        C:\WINDOWS\System32\phqghum.EXE
                        C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                        F:\Nikon\NkView6\NkvMon.exe
                        C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                        C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
                        C:\PROGRA~1\NEOSTR~1\ComComp.exe
                        C:\PROGRA~1\NEOSTR~1\Watch.exe
                        C:\Program Files\Gadu-Gadu\gg.exe
                        C:\WINDOWS\System32\wuauclt.exe
                        C:\Program Files\Mozilla Firefox\firefox.exe
                        C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

                        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = szukaj.wp.pl
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                        www.neostrada.pl
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                        R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
                        C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
                        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                        C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
                        c:\program files\google\googletoolbar1.dll
                        O2 - BHO: FlashFXP Helper for Internet Explorer -
                        {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
                        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                        C:\WINDOWS\System32\msdxm.ocx
                        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
                        files\google\googletoolbar1.dll
                        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
                        C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
                        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                        O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
                        /autostart
                        O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
                        Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
                        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                        O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                        O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
                        O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
                        -atboottime
                        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                        Files\Real\Update_OB\realsched.exe" -osboot
                        O4 - HKLM\..\Run: [Netbios Helper] C:\WINDOWS\System32\nbthlp.exe
                        O4 - HKLM\..\Run: [KYM Control Settings] phqghum.EXE
                        O4 - HKLM\..\RunServices: [KYM Control Settings] phqghum.EXE
                        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                        O4 - HKCU\..\Run: [KYM Control Settings] phqghum.EXE
                        O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
                        Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                        O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
                        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                        Office\Office\OSA9.EXE
                        O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
                        800-840\dslmon.exe
                        O8 - Extra context menu item: &Google Search - res://c:\program
                        files\google\GoogleToolbar1.dll/cmsearch.html
                        O8 - Extra context menu item: Backward Links - res://c:\program
                        files\google\GoogleToolbar1.dll/cmbacklinks.html
                        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
                        files\google\GoogleToolbar1.dll/cmcache.html
                        O8 - Extra context menu item: Similar Pages - res://c:\program
                        files\google\GoogleToolbar1.dll/cmsimilar.html
                        O8 - Extra context menu item: Translate into English - res://c:\program
                        files\google\GoogleToolbar1.dll/cmtrans.html
                        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                        O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
                        software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
                        O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
                        67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
                        O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
                        NameServer = 194.204.152.34 217.98.63.164
                        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                        Software\Avast4\ashServ.exe
                        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                        Software\Avast4\ashMaiSv.exe" /service (file missing)
                        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                        Software\Avast4\ashWebSv.exe" /service (file missing)
                        O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
                        C:\WINDOWS\system32\LEXBCES.EXE
                        O23 - Service: Network DDE Client (NetDDEclnt) - Unknown owner -
                        C:\WINDOWS\System32\netddeclnt.exe (file missing)
                        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
                        C:\WINDOWS\System32\nvsvc32.exe

                        • Gość: Kolobos Re: Prosze o sprawdzenie loga z HiJackThis IP: *.warszawa.sdi.tpnet.pl 23.06.05, 14:25
                          Czemu nie zainstalowales żadnego programu z tych co podalem?

                          To kasujesz w hijackthis:

                          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                          O4 - HKLM\..\Run: [Netbios Helper] C:\WINDOWS\System32\nbthlp.exe
                          O4 - HKLM\..\Run: [KYM Control Settings] phqghum.EXE
                          O4 - HKLM\..\RunServices: [KYM Control Settings] phqghum.EXE
                          O4 - HKCU\..\Run: [KYM Control Settings] phqghum.EXE
                          O23 - Service: Network DDE Client (NetDDEclnt) - Unknown owner -
                          C:\WINDOWS\System32\netddeclnt.exe (file missing)

                          Zamykasz procesy w menadzerze zadan i usuwasz z dysku:
                          C:\WINDOWS\System32\netddeclnt.exe
                          C:\WINDOWS\System32\nbthlp.exe
                          C:\WINDOWS\System32\phqghum.EXE
                          • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 23.06.05, 16:12
                            Ja chyba wiem z kąd się biorą te wiry. Zawsze jak łącze się z internetem to mi
                            jakaś stronka wyskakuje z windowsa i w tedy program antywirusowy (avast) wykrywa
                            mi wira. Sprubóje jakoś zablokować tą stronke....jak się da.

                            Logfile of HijackThis v1.99.1
                            Scan saved at 16:09:09, on 2005-06-23
                            Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
                            MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                            Running processes:
                            C:\WINDOWS\System32\smss.exe
                            C:\WINDOWS\SYSTEM32\winlogon.exe
                            C:\WINDOWS\system32\services.exe
                            C:\WINDOWS\system32\lsass.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\Explorer.EXE
                            C:\WINDOWS\system32\LEXBCES.EXE
                            C:\WINDOWS\system32\spoolsv.exe
                            C:\WINDOWS\system32\LEXPPS.EXE
                            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                            C:\Program Files\Alwil Software\Avast4\ashServ.exe
                            C:\WINDOWS\System32\nvsvc32.exe
                            C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                            C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                            C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                            C:\Program Files\QuickTime\qttask.exe
                            C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                            C:\WINDOWS\System32\ctfmon.exe
                            C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                            F:\Nikon\NkView6\NkvMon.exe
                            C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
                            C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                            C:\WINDOWS\System32\wuauclt.exe
                            C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
                            C:\PROGRA~1\NEOSTR~1\ComComp.exe
                            C:\PROGRA~1\NEOSTR~1\Watch.exe
                            C:\Program Files\Tlen.pl\tlen.exe
                            C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

                            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = szukaj.wp.pl
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                            www.neostrada.pl
                            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                            R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
                            C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
                            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                            C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                            O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
                            C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
                            c:\program files\google\googletoolbar1.dll
                            O2 - BHO: FlashFXP Helper for Internet Explorer -
                            {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
                            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                            C:\WINDOWS\System32\msdxm.ocx
                            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
                            files\google\googletoolbar1.dll
                            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
                            C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
                            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                            O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
                            /autostart
                            O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
                            Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
                            O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                            O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                            O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
                            O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
                            -atboottime
                            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                            Files\Real\Update_OB\realsched.exe" -osboot
                            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                            O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
                            Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                            O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
                            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                            Office\Office\OSA9.EXE
                            O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
                            800-840\dslmon.exe
                            O8 - Extra context menu item: &Google Search - res://c:\program
                            files\google\GoogleToolbar1.dll/cmsearch.html
                            O8 - Extra context menu item: Backward Links - res://c:\program
                            files\google\GoogleToolbar1.dll/cmbacklinks.html
                            O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
                            files\google\GoogleToolbar1.dll/cmcache.html
                            O8 - Extra context menu item: Similar Pages - res://c:\program
                            files\google\GoogleToolbar1.dll/cmsimilar.html
                            O8 - Extra context menu item: Translate into English - res://c:\program
                            files\google\GoogleToolbar1.dll/cmtrans.html
                            O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                            O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
                            software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
                            O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
                            67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
                            O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
                            NameServer = 194.204.152.34 217.98.63.164
                            O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                            O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                            Software\Avast4\ashServ.exe
                            O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                            Software\Avast4\ashMaiSv.exe" /service (file missing)
                            O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                            Software\Avast4\ashWebSv.exe" /service (file missing)
                            O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
                            C:\WINDOWS\system32\LEXBCES.EXE
                            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
                            C:\WINDOWS\System32\nvsvc32.exe

                                • Gość: Kolobos Re: Prosze o sprawdzenie loga z HiJackThis IP: *.warszawa.sdi.tpnet.pl 23.06.05, 19:06
                                  Przeciez nie po to Ci podalem zebys nie instalowal! Avast to antyvirus, a
                                  Antyspyware to antyspyware, to dwie rozne rzeczy masz zainstalowac,
                                  przeskanowac i usunac co znajdzie.
                                  A to co podales to nie strona tylko plik na dysku i jest to ten trojan:
                                  www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43245
                                  I to on Ci instalowal te wszystkie smiecie.Na stronie masz podane co i gdzie w
                                  rejestrze oraz na dysku usunac.Usun caly katalog:
                                  C:/Documents and Settings/aa/%SYSROOT%/

                                  Do tego przeskanuj system tym:
                                  housecall.trendmicro.com/housecall/start_corp.asp
                                  www.windowsecurity.com/trojanscan/
                                  www.pandasoftware.com/activescan/pol/activescan_principal.htm
                                  • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 24.06.05, 12:52
                                    Logfile of HijackThis v1.99.1
                                    Scan saved at 12:51:41, on 2005-06-24
                                    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
                                    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                                    Running processes:
                                    C:\WINDOWS\System32\smss.exe
                                    C:\WINDOWS\SYSTEM32\winlogon.exe
                                    C:\WINDOWS\system32\services.exe
                                    C:\WINDOWS\system32\lsass.exe
                                    C:\WINDOWS\system32\svchost.exe
                                    C:\WINDOWS\System32\svchost.exe
                                    C:\WINDOWS\system32\LEXBCES.EXE
                                    C:\WINDOWS\system32\LEXPPS.EXE
                                    C:\WINDOWS\system32\spoolsv.exe
                                    C:\WINDOWS\Explorer.EXE
                                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                                    C:\Program Files\Alwil Software\Avast4\ashServ.exe
                                    C:\WINDOWS\System32\nvsvc32.exe
                                    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                                    C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                                    C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                                    C:\Program Files\QuickTime\qttask.exe
                                    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                                    C:\WINDOWS\System32\ctfmon.exe
                                    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                                    F:\Nikon\NkView6\NkvMon.exe
                                    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
                                    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                                    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                                    C:\WINDOWS\System32\svchost.exe
                                    C:\WINDOWS\System32\wuauclt.exe
                                    C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
                                    C:\PROGRA~1\NEOSTR~1\ComComp.exe
                                    C:\PROGRA~1\NEOSTR~1\Watch.exe
                                    C:\Program Files\Mozilla Firefox\firefox.exe
                                    C:\Program Files\Gadu-Gadu\gg.exe
                                    C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

                                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = szukaj.wp.pl
                                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                                    www.neostrada.pl
                                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
                                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                                    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
                                    C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
                                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                                    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                                    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
                                    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                                    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
                                    c:\program files\google\googletoolbar1.dll
                                    O2 - BHO: FlashFXP Helper for Internet Explorer -
                                    {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
                                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                                    C:\WINDOWS\System32\msdxm.ocx
                                    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
                                    files\google\googletoolbar1.dll
                                    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                                    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                                    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
                                    C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
                                    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                                    O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
                                    /autostart
                                    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
                                    Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
                                    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                                    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                                    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
                                    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
                                    -atboottime
                                    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                                    Files\Real\Update_OB\realsched.exe" -osboot
                                    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
                                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                                    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
                                    Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                                    O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
                                    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                                    Office\Office\OSA9.EXE
                                    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
                                    800-840\dslmon.exe
                                    O8 - Extra context menu item: &Google Search - res://c:\program
                                    files\google\GoogleToolbar1.dll/cmsearch.html
                                    O8 - Extra context menu item: Backward Links - res://c:\program
                                    files\google\GoogleToolbar1.dll/cmbacklinks.html
                                    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
                                    files\google\GoogleToolbar1.dll/cmcache.html
                                    O8 - Extra context menu item: Similar Pages - res://c:\program
                                    files\google\GoogleToolbar1.dll/cmsimilar.html
                                    O8 - Extra context menu item: Translate into English - res://c:\program
                                    files\google\GoogleToolbar1.dll/cmtrans.html
                                    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                                    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
                                    software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
                                    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
                                    67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
                                    O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
                                    NameServer = 194.204.152.34 217.98.63.164
                                    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                                    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                                    Software\Avast4\ashServ.exe
                                    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                                    Software\Avast4\ashMaiSv.exe" /service (file missing)
                                    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                                    Software\Avast4\ashWebSv.exe" /service (file missing)
                                    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
                                    C:\WINDOWS\system32\LEXBCES.EXE
                                    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
                                    C:\WINDOWS\System32\nvsvc32.exe

                                        • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 04.07.05, 18:09
                                          Logfile of HijackThis v1.99.1
                                          Scan saved at 18:08:56, on 2005-07-04
                                          Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
                                          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                                          Running processes:
                                          C:\WINDOWS\System32\smss.exe
                                          C:\WINDOWS\SYSTEM32\winlogon.exe
                                          C:\WINDOWS\system32\services.exe
                                          C:\WINDOWS\system32\lsass.exe
                                          C:\WINDOWS\system32\svchost.exe
                                          C:\WINDOWS\System32\svchost.exe
                                          C:\WINDOWS\system32\LEXBCES.EXE
                                          C:\WINDOWS\Explorer.EXE
                                          C:\WINDOWS\system32\LEXPPS.EXE
                                          C:\WINDOWS\system32\spoolsv.exe
                                          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                                          C:\Program Files\Alwil Software\Avast4\ashServ.exe
                                          C:\WINDOWS\System32\nvsvc32.exe
                                          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                                          C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                                          C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                                          C:\Program Files\QuickTime\qttask.exe
                                          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                                          C:\WINDOWS\System32\wuamkop32.exe
                                          C:\WINDOWS\System32\winssh.exe
                                          C:\WINDOWS\System32\ctfmon.exe
                                          C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                                          F:\Nikon\NkView6\NkvMon.exe
                                          C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
                                          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                                          C:\WINDOWS\System32\svchost.exe
                                          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                                          C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
                                          C:\PROGRA~1\NEOSTR~1\ComComp.exe
                                          C:\PROGRA~1\NEOSTR~1\Watch.exe
                                          C:\Program Files\Gadu-Gadu\gg.exe
                                          C:\WINDOWS\system32\cmd.exe
                                          C:\WINDOWS\System32\wuauclt.exe
                                          C:\Program Files\Mozilla Firefox\firefox.exe
                                          C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

                                          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = szukaj.wp.pl
                                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                                          www.neostrada.pl
                                          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
                                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                                          R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
                                          C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
                                          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                                          C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
                                          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
                                          c:\program files\google\googletoolbar1.dll
                                          O2 - BHO: FlashFXP Helper for Internet Explorer -
                                          {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
                                          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                                          C:\WINDOWS\System32\msdxm.ocx
                                          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
                                          files\google\googletoolbar1.dll
                                          O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program
                                          Files\YourSiteBar\ysb.dll (file missing)
                                          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                                          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                                          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
                                          C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
                                          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                                          O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
                                          /autostart
                                          O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
                                          Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
                                          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                                          O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                                          O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
                                          O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                                          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
                                          -atboottime
                                          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                                          Files\Real\Update_OB\realsched.exe" -osboot
                                          O4 - HKLM\..\Run: [Microsoft Update] wuamkop32.exe
                                          O4 - HKLM\..\Run: [Network Access] winssh.exe
                                          O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop32.exe
                                          O4 - HKLM\..\RunServices: [Network Access] winssh.exe
                                          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                                          O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
                                          Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                                          O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
                                          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                                          Office\Office\OSA9.EXE
                                          O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
                                          800-840\dslmon.exe
                                          O8 - Extra context menu item: &Google Search - res://c:\program
                                          files\google\GoogleToolbar1.dll/cmsearch.html
                                          O8 - Extra context menu item: Backward Links - res://c:\program
                                          files\google\GoogleToolbar1.dll/cmbacklinks.html
                                          O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
                                          files\google\GoogleToolbar1.dll/cmcache.html
                                          O8 - Extra context menu item: Similar Pages - res://c:\program
                                          files\google\GoogleToolbar1.dll/cmsimilar.html
                                          O8 - Extra context menu item: Translate into English - res://c:\program
                                          files\google\GoogleToolbar1.dll/cmtrans.html
                                          O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                                          O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
                                          software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
                                          O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
                                          67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
                                          O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
                                          NameServer = 194.204.152.34 217.98.63.164
                                          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                                          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                                          O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                                          Software\Avast4\ashServ.exe
                                          O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                                          Software\Avast4\ashMaiSv.exe" /service (file missing)
                                          O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                                          Software\Avast4\ashWebSv.exe" /service (file missing)
                                          O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
                                          C:\WINDOWS\system32\LEXBCES.EXE
                                          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
                                          C:\WINDOWS\System32\nvsvc32.exe

                                          • Gość: Kolobos Re: Prosze o sprawdzenie loga z HiJackThis IP: *.warszawa.sdi.tpnet.pl 04.07.05, 18:34
                                            No i co znowu sie zarobaczyles? Wystarczylo pare dni i juz, tak bedziesz
                                            wklejal co chwile?

                                            Wpisy kasujesz, pliki usuwasz:
                                            O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program
                                            Files\YourSiteBar\ysb.dll (file missing)
                                            O4 - HKLM\..\Run: [Microsoft Update] wuamkop32.exe
                                            O4 - HKLM\..\Run: [Network Access] winssh.exe
                                            O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop32.exe
                                            O4 - HKLM\..\RunServices: [Network Access] winssh.exe

                                            I postaraj sie juz nie psuc znowu.

                                            Moze to Ci troche pomoze:
                                            www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D ->
                                            przeskanuj i wlacz ochrone przegladarki
                                            www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> wlacz
                                            ochrone przegladarki
                                            download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
                                                  • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 08.07.05, 15:36
                                                    Logfile of HijackThis v1.99.1
                                                    Scan saved at 15:35:54, on 2005-07-08
                                                    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
                                                    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                                                    Running processes:
                                                    C:\WINDOWS\System32\smss.exe
                                                    C:\WINDOWS\SYSTEM32\winlogon.exe
                                                    C:\WINDOWS\system32\services.exe
                                                    C:\WINDOWS\system32\lsass.exe
                                                    C:\WINDOWS\system32\svchost.exe
                                                    C:\WINDOWS\System32\svchost.exe
                                                    C:\WINDOWS\Explorer.EXE
                                                    C:\WINDOWS\system32\LEXBCES.EXE
                                                    C:\WINDOWS\system32\spoolsv.exe
                                                    C:\WINDOWS\system32\LEXPPS.EXE
                                                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                                                    C:\Program Files\Alwil Software\Avast4\ashServ.exe
                                                    C:\WINDOWS\System32\nvsvc32.exe
                                                    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                                                    C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                                                    C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                                                    C:\Program Files\QuickTime\qttask.exe
                                                    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                                                    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
                                                    C:\WINDOWS\System32\wuamkop32.exe
                                                    C:\WINDOWS\System32\ctfmon.exe
                                                    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                                                    F:\Nikon\NkView6\NkvMon.exe
                                                    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
                                                    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                                                    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                                                    C:\WINDOWS\System32\svchost.exe
                                                    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
                                                    C:\WINDOWS\System32\wuauclt.exe
                                                    C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
                                                    C:\PROGRA~1\NEOSTR~1\ComComp.exe
                                                    C:\PROGRA~1\NEOSTR~1\Watch.exe
                                                    C:\Program Files\Gadu-Gadu\gg.exe
                                                    C:\Program Files\Internet Explorer\iexplore.exe
                                                    C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

                                                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
                                                    szukaj.wp.pl
                                                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                                                    www.neostrada.pl
                                                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                                                    www.neostrada.pl
                                                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
                                                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                                                    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
                                                    C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
                                                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                                                    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file
                                                    missing)
                                                    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
                                                    \SPYBOT~1\SDHelper.dll
                                                    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
                                                    c:\program files\google\googletoolbar1.dll
                                                    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-
                                                    90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
                                                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                                                    C:\WINDOWS\System32\msdxm.ocx
                                                    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
                                                    files\google\googletoolbar1.dll
                                                    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
                                                    \NvCpl.dll,NvStartup
                                                    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                                                    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
                                                    \NvMcTray.dll,NvTaskbarInit
                                                    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                                                    O4 - HKLM\..\Run: [PowerDVD] C:\Program
                                                    Files\CyberLink\PowerDVD\PowerDVD.exe /autostart
                                                    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
                                                    Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
                                                    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                                                    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                                                    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
                                                    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                                                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
                                                    atboottime
                                                    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                                                    Files\Real\Update_OB\realsched.exe" -osboot
                                                    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
                                                    AntiSpyware\gcasServ.exe"
                                                    O4 - HKLM\..\Run: [Microsoft Update] wuamkop32.exe
                                                    O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop32.exe
                                                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                                                    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
                                                    Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                                                    O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
                                                    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                                                    Office\Office\OSA9.EXE
                                                    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
                                                    \dslmon.exe
                                                    O8 - Extra context menu item: &Google Search - res://c:\program
                                                    files\google\GoogleToolbar1.dll/cmsearch.html
                                                    O8 - Extra context menu item: Backward Links - res://c:\program
                                                    files\google\GoogleToolbar1.dll/cmbacklinks.html
                                                    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
                                                    files\google\GoogleToolbar1.dll/cmcache.html
                                                    O8 - Extra context menu item: Similar Pages - res://c:\program
                                                    files\google\GoogleToolbar1.dll/cmsimilar.html
                                                    O8 - Extra context menu item: Translate into English - res://c:\program
                                                    files\google\GoogleToolbar1.dll/cmtrans.html
                                                    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                                                    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
                                                    software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
                                                    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
                                                    67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
                                                    O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
                                                    NameServer = 194.204.152.34 217.98.63.164
                                                    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                                                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                                                    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                                                    Software\Avast4\ashServ.exe
                                                    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                                                    Software\Avast4\ashMaiSv.exe" /service (file missing)
                                                    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                                                    Software\Avast4\ashWebSv.exe" /service (file missing)
                                                    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
                                                    C:\WINDOWS\system32\LEXBCES.EXE
                                                    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
                                                    C:\WINDOWS\System32\nvsvc32.exe

                                                  • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 15.07.05, 20:56
                                                    Logfile of HijackThis v1.99.1
                                                    Scan saved at 20:52:06, on 2005-07-15
                                                    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
                                                    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                                                    Running processes:
                                                    C:\WINDOWS\System32\smss.exe
                                                    C:\WINDOWS\SYSTEM32\winlogon.exe
                                                    C:\WINDOWS\system32\services.exe
                                                    C:\WINDOWS\system32\lsass.exe
                                                    C:\WINDOWS\system32\svchost.exe
                                                    C:\WINDOWS\System32\svchost.exe
                                                    C:\WINDOWS\Explorer.EXE
                                                    C:\WINDOWS\system32\LEXBCES.EXE
                                                    C:\WINDOWS\system32\spoolsv.exe
                                                    C:\WINDOWS\system32\LEXPPS.EXE
                                                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                                                    C:\Program Files\Alwil Software\Avast4\ashServ.exe
                                                    C:\WINDOWS\System32\nvsvc32.exe
                                                    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                                                    C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                                                    C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                                                    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                                                    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
                                                    C:\WINDOWS\System32\ctfmon.exe
                                                    F:\Nikon\NkView6\NkvMon.exe
                                                    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
                                                    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                                                    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                                                    C:\WINDOWS\System32\svchost.exe
                                                    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
                                                    C:\WINDOWS\System32\wuauclt.exe
                                                    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
                                                    C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

                                                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                                                    www.neostrada.pl
                                                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                                                    www.neostrada.pl
                                                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
                                                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                                                    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
                                                    C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
                                                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                                                    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
                                                    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
                                                    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                                                    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
                                                    c:\program files\google\googletoolbar1.dll
                                                    O2 - BHO: FlashFXP Helper for Internet Explorer -
                                                    {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
                                                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                                                    C:\WINDOWS\System32\msdxm.ocx
                                                    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
                                                    files\google\googletoolbar1.dll
                                                    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                                                    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                                                    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
                                                    C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
                                                    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                                                    O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
                                                    /autostart
                                                    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
                                                    Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
                                                    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                                                    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                                                    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
                                                    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                                                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
                                                    -atboottime
                                                    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                                                    Files\Real\Update_OB\realsched.exe" -osboot
                                                    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
                                                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                                                    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
                                                    Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                                                    O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
                                                    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                                                    Office\Office\OSA9.EXE
                                                    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
                                                    800-840\dslmon.exe
                                                    O8 - Extra context menu item: &Google Search - res://c:\program
                                                    files\google\GoogleToolbar1.dll/cmsearch.html
                                                    O8 - Extra context menu item: Backward Links - res://c:\program
                                                    files\google\GoogleToolbar1.dll/cmbacklinks.html
                                                    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
                                                    files\google\GoogleToolbar1.dll/cmcache.html
                                                    O8 - Extra context menu item: Similar Pages - res://c:\program
                                                    files\google\GoogleToolbar1.dll/cmsimilar.html
                                                    O8 - Extra context menu item: Translate into English - res://c:\program
                                                    files\google\GoogleToolbar1.dll/cmtrans.html
                                                    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                                                    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
                                                    software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
                                                    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
                                                    67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
                                                    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                                                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                                                    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                                                    Software\Avast4\ashServ.exe
                                                    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                                                    Software\Avast4\ashMaiSv.exe" /service (file missing)
                                                    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                                                    Software\Avast4\ashWebSv.exe" /service (file missing)
                                                    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
                                                    C:\WINDOWS\system32\LEXBCES.EXE
                                                    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
                                                    C:\WINDOWS\System32\nvsvc32.exe

                                                  • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 08.08.05, 11:54
                                                    Logfile of HijackThis v1.99.1
                                                    Scan saved at 11:53:57, on 2005-08-08
                                                    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
                                                    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                                                    Running processes:
                                                    C:\WINDOWS\System32\smss.exe
                                                    C:\WINDOWS\SYSTEM32\winlogon.exe
                                                    C:\WINDOWS\system32\services.exe
                                                    C:\WINDOWS\system32\lsass.exe
                                                    C:\WINDOWS\system32\svchost.exe
                                                    C:\WINDOWS\System32\svchost.exe
                                                    C:\WINDOWS\Explorer.EXE
                                                    C:\WINDOWS\system32\LEXBCES.EXE
                                                    C:\WINDOWS\system32\spoolsv.exe
                                                    C:\WINDOWS\system32\LEXPPS.EXE
                                                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                                                    C:\Program Files\Alwil Software\Avast4\ashServ.exe
                                                    C:\WINDOWS\System32\nvsvc32.exe
                                                    C:\WINDOWS\System32\svchost.exe
                                                    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                                                    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                                                    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                                                    C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                                                    C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                                                    C:\Program Files\QuickTime\qttask.exe
                                                    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                                                    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
                                                    C:\WINDOWS\System32\ctfmon.exe
                                                    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                                                    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
                                                    F:\Nikon\NkView6\NkvMon.exe
                                                    C:\WINDOWS\System32\wuauclt.exe
                                                    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
                                                    C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
                                                    C:\PROGRA~1\NEOSTR~1\ComComp.exe
                                                    C:\PROGRA~1\NEOSTR~1\Watch.exe
                                                    C:\Program Files\Gadu-Gadu\gg.exe
                                                    C:\Program Files\Internet Explorer\iexplore.exe
                                                    C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

                                                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
                                                    szukaj.wp.pl
                                                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                                                    www.neostrada.pl
                                                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                                                    www.neostrada.pl
                                                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
                                                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                                                    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
                                                    C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
                                                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                                                    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file
                                                    missing)
                                                    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
                                                    \SPYBOT~1\SDHelper.dll
                                                    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-
                                                    90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
                                                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                                                    C:\WINDOWS\System32\msdxm.ocx
                                                    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
                                                    \NvCpl.dll,NvStartup
                                                    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                                                    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
                                                    \NvMcTray.dll,NvTaskbarInit
                                                    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                                                    O4 - HKLM\..\Run: [PowerDVD] C:\Program
                                                    Files\CyberLink\PowerDVD\PowerDVD.exe /autostart
                                                    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
                                                    Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
                                                    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                                                    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                                                    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
                                                    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                                                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
                                                    atboottime
                                                    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                                                    Files\Real\Update_OB\realsched.exe" -osboot
                                                    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
                                                    AntiSpyware\gcasServ.exe"
                                                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                                                    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
                                                    Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                                                    O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
                                                    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                                                    Office\Office\OSA9.EXE
                                                    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
                                                    \dslmon.exe
                                                    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                                                    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
                                                    software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
                                                    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
                                                    67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
                                                    O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
                                                    NameServer = 194.204.152.34 217.98.63.164
                                                    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                                                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                                                    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                                                    Software\Avast4\ashServ.exe
                                                    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                                                    Software\Avast4\ashMaiSv.exe" /service (file missing)
                                                    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                                                    Software\Avast4\ashWebSv.exe" /service (file missing)
                                                    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
                                                    C:\WINDOWS\system32\LEXBCES.EXE
                                                    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
                                                    C:\WINDOWS\System32\nvsvc32.exe

Popularne wątki

Nie pamiętasz hasła

lub ?

 

Nie masz jeszcze konta? Zarejestruj się

Nakarm Pajacyka