Dodaj do ulubionych

Prosze o sprawdzenie loga z HiJackThis

IP: *.neoplus.adsl.tpnet.pl 15.06.05, 08:33
Logfile of HijackThis v1.99.1
Scan saved at 08:33:01, on 2005-06-15
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\rpcclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
F:\Nikon\NkView6\NkvMon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.neostrada.pl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-
90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PowerDVD] C:\Program
Files\CyberLink\PowerDVD\PowerDVD.exe /autostart
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common
files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
Optimizer\optimize.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
\dslmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program
files\google\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-
B92435320F69}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Procedure Call (RPC) Client (RpcClient) - Unknown
owner - C:\WINDOWS\System32\rpcclient.exe

Obserwuj wątek
    • Gość: Kolobos Re: Prosze o sprawdzenie loga z HiJackThis IP: *.warszawa.sdi.tpnet.pl 15.06.05, 13:24
      Po co zakladasz drugi watek? Nawet nie zrobiles tego co Ci wczesniej napisalem!
      Wiec poczytaj jeszcze raz:
      forum.gazeta.pl/forum/72,2.html?f=430&w=25208866&a=25210876
      Jak dalej bedzie to samo to przeczytaj jeszcze raz i jeszcze az zrobisz to co
      napisalem...

      + to:
      O23 - Service: Remote Procedure Call (RPC) Client (RpcClient) - Unknown owner -
      C:\WINDOWS\System32\rpcclient.exe

      Mozesz tez usunac aplikacje od neostrady jak chcesz:
      forum.gazeta.pl/forum/72,2.html?f=34&w=15679891&a=15680440
      Nie jest ona do niczego potrzebna.
      • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 17.06.05, 17:24
        Logfile of HijackThis v1.99.1
        Scan saved at 17:21:59, on 2005-06-17
        Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\SYSTEM32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\LEXBCES.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\LEXPPS.EXE
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\PROGRA~1\NEOSTR~1\CnxMon.exe
        C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\WINDOWS\System32\ctfmon.exe
        F:\Nikon\NkView6\NkvMon.exe
        C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
        C:\PROGRA~1\NEOSTR~1\ComComp.exe
        C:\PROGRA~1\NEOSTR~1\Watch.exe
        C:\Program Files\Tlen.pl\tlen.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\WINDOWS\System32\netddeclnt.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = szukaj.wp.pl
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.neostrada.pl
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
        C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
        c:\program files\google\googletoolbar1.dll
        O2 - BHO: FlashFXP Helper for Internet Explorer -
        {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
        files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
        C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
        /autostart
        O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
        Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
        O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
        O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
        -atboottime
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
        Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common
        files\SearchUpgrader\SearchUpgrader.exe
        O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
        Optimizer\optimize.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
        Files\InterVideo\Common\Bin\WinCinemaMgr.exe
        O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office\OSA9.EXE
        O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
        800-840\dslmon.exe
        O8 - Extra context menu item: &Google Search - res://c:\program
        files\google\GoogleToolbar1.dll/cmsearch.html
        O8 - Extra context menu item: Backward Links - res://c:\program
        files\google\GoogleToolbar1.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
        files\google\GoogleToolbar1.dll/cmcache.html
        O8 - Extra context menu item: Similar Pages - res://c:\program
        files\google\GoogleToolbar1.dll/cmsimilar.html
        O8 - Extra context menu item: Translate into English - res://c:\program
        files\google\GoogleToolbar1.dll/cmtrans.html
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
        software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
        O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
        67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
        NameServer = 194.204.152.34 217.98.63.164
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
        C:\WINDOWS\system32\LEXBCES.EXE
        O23 - Service: Network DDE Client (NetDDEclnt) - Unknown owner -
        C:\WINDOWS\System32\netddeclnt.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
        C:\WINDOWS\System32\nvsvc32.exe

        • Gość: Kolobos Re: Prosze o sprawdzenie loga z HiJackThis IP: *.warszawa.sdi.tpnet.pl 17.06.05, 17:26
          Przeciez pisalem zebys odinstalowal/usunal:
          O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common
          files\SearchUpgrader\SearchUpgrader.exe
          O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
          Optimizer\optimize.exe"

          Oraz ich katalogi:
          C:\Program Files\Internet Optimizer\
          C:\Program Files\Common files\SearchUpgrader\
          • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 17.06.05, 19:23
            Po usunięciu tego:
            O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common
            files\SearchUpgrader\SearchUpgrader.exe
            O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
            Optimizer\optimize.exe
            Niemogłem znaleść tego:
            C:\Program Files\Internet Optimizer\
            C:\Program Files\Common files\SearchUpgrader\
            czy wysłać Ci jeszcze jednego loga.
            i jagbyś mógł to poleć mi jakiś proglam który mi dokładnie przeskanuje komputer.



            • Gość: Kolobos Re: Prosze o sprawdzenie loga z HiJackThis IP: *.warszawa.sdi.tpnet.pl 17.06.05, 20:56
              Juz Ci podalem dawno program, ktorym miales przeskanowac:
              download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe

              A co do katalogow to sa napewno o ile ich nie usunales, wlacz pokazywanie
              plikow ukrytych oraz wylacz ochrone plikow systemowych w opcjach folderow to
              moze sie pojawia.
              • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 18.06.05, 09:45
                Prosze sprawdz teras czy coś jest....
                Logfile of HijackThis v1.99.1
                Scan saved at 09:44:55, on 2005-06-18
                Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
                MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\SYSTEM32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\Explorer.EXE
                C:\WINDOWS\system32\LEXBCES.EXE
                C:\WINDOWS\system32\LEXPPS.EXE
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                C:\Program Files\Alwil Software\Avast4\ashServ.exe
                C:\WINDOWS\System32\netddeclnt.exe
                C:\WINDOWS\System32\nvsvc32.exe
                C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                C:\Program Files\QuickTime\qttask.exe
                C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                C:\WINDOWS\System32\ctfmon.exe
                C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                F:\Nikon\NkView6\NkvMon.exe
                C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
                C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                C:\WINDOWS\System32\svchost.exe
                C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
                C:\PROGRA~1\NEOSTR~1\ComComp.exe
                C:\PROGRA~1\NEOSTR~1\Watch.exe
                C:\Program Files\Mozilla Firefox\firefox.exe
                C:\WINDOWS\System32\wuauclt.exe
                C:\Program Files\Gadu-Gadu\gg.exe
                C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                www.neostrada.pl
                R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
                C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
                c:\program files\google\googletoolbar1.dll
                O2 - BHO: FlashFXP Helper for Internet Explorer -
                {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
                O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                C:\WINDOWS\System32\msdxm.ocx
                O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
                files\google\googletoolbar1.dll
                O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
                C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
                O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
                /autostart
                O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
                Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
                O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
                O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
                -atboottime
                O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                Files\Real\Update_OB\realsched.exe" -osboot
                O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
                Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
                O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                Office\Office\OSA9.EXE
                O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
                800-840\dslmon.exe
                O8 - Extra context menu item: &Google Search - res://c:\program
                files\google\GoogleToolbar1.dll/cmsearch.html
                O8 - Extra context menu item: Backward Links - res://c:\program
                files\google\GoogleToolbar1.dll/cmbacklinks.html
                O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
                files\google\GoogleToolbar1.dll/cmcache.html
                O8 - Extra context menu item: Similar Pages - res://c:\program
                files\google\GoogleToolbar1.dll/cmsimilar.html
                O8 - Extra context menu item: Translate into English - res://c:\program
                files\google\GoogleToolbar1.dll/cmtrans.html
                O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
                software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
                O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
                67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
                O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
                NameServer = 194.204.152.34 217.98.63.164
                O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                Software\Avast4\ashServ.exe
                O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                Software\Avast4\ashMaiSv.exe" /service (file missing)
                O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                Software\Avast4\ashWebSv.exe" /service (file missing)
                O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
                C:\WINDOWS\system32\LEXBCES.EXE
                O23 - Service: Network DDE Client (NetDDEclnt) - Unknown owner -
                C:\WINDOWS\System32\netddeclnt.exe
                O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
                C:\WINDOWS\System32\nvsvc32.exe

                • Gość: Kolobos Re: Prosze o sprawdzenie loga z HiJackThis IP: *.warszawa.sdi.tpnet.pl 18.06.05, 11:33
                  Juz ok.
                  • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 23.06.05, 13:38
                    Logfile of HijackThis v1.99.1
                    Scan saved at 13:36:17, on 2005-06-23
                    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\SYSTEM32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\WINDOWS\system32\LEXBCES.EXE
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\WINDOWS\system32\LEXPPS.EXE
                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                    C:\Program Files\Alwil Software\Avast4\ashServ.exe
                    C:\WINDOWS\System32\netddeclnt.exe
                    C:\WINDOWS\System32\nvsvc32.exe
                    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                    C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                    C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                    C:\Program Files\QuickTime\qttask.exe
                    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                    C:\WINDOWS\System32\nbthlp.exe
                    C:\WINDOWS\System32\ctfmon.exe
                    C:\WINDOWS\System32\phqghum.EXE
                    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                    F:\Nikon\NkView6\NkvMon.exe
                    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                    C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
                    C:\PROGRA~1\NEOSTR~1\ComComp.exe
                    C:\PROGRA~1\NEOSTR~1\Watch.exe
                    C:\Program Files\Gadu-Gadu\gg.exe
                    C:\WINDOWS\System32\wuauclt.exe
                    C:\WINDOWS\System32\wuauclt.exe
                    C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                    www.neostrada.pl
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
                    C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
                    O1 - Hosts: 204.9.190.180 onlineaccounts2.abbeynational.co.uk
                    O1 - Hosts: 204.9.190.180 www3.aibgbonline.co.uk
                    O1 - Hosts: 204.9.190.180 www.bank.alliance-leicester.co.uk
                    O1 - Hosts: 204.9.190.180 login.iblogin.com
                    O1 - Hosts: 204.9.190.180 ww2.bankofscotlandhalifax-online.co.uk
                    O1 - Hosts: 204.9.190.180 inet.barclays.co.uk
                    O1 - Hosts: 204.9.190.180 iibank.barclays.co.uk
                    O1 - Hosts: 204.9.190.180 iibank.cahoot.com
                    O1 - Hosts: 204.9.190.180 www3.coventrybuildingsociety.co.uk
                    O1 - Hosts: 204.9.190.180 ww.hsbc.co.uk
                    O1 - Hosts: 204.9.190.180 login.ebank.offshore.hsbc.co.je
                    O1 - Hosts: 204.9.190.180 ww3.online-offshore.lloydstsb.com
                    O1 - Hosts: 204.9.190.180 ww3.online-business.lloydstsb.co.uk
                    O1 - Hosts: 204.9.190.180 ww3.online.lloydstsb.co.uk
                    O1 - Hosts: 204.9.190.180 ob2.nationet.com
                    O1 - Hosts: 204.9.190.180 ww3.onlinebanking.natwestoffshore.com
                    O1 - Hosts: 204.9.190.180 ww1.nwolb.com
                    O1 - Hosts: 204.9.190.180 ww1.onlinebanking.iombank.com
                    O1 - Hosts: 204.9.190.180 ww1.www.rbsdigital.com
                    O1 - Hosts: 204.9.190.180 welcome.smile.co.uk
                    O1 - Hosts: 204.9.190.180 login.365online.com
                    O1 - Hosts: 204.9.190.180 wvw.citizensbankonline.com
                    O1 - Hosts: 204.9.190.180 esecure.regionsnet.com
                    O1 - Hosts: 204.9.190.180 rollb.associatedbank.com
                    O1 - Hosts: 204.9.190.180 upb.unionplanters.com
                    O1 - Hosts: 204.9.190.180 www.onlinebanking.huntington.com
                    O1 - Hosts: 204.9.190.180 inet.southtrustonlinebanking.com
                    O1 - Hosts: 204.9.190.180 logon.personal.wamu.com
                    O1 - Hosts: 204.9.190.180 login.compassweb.com
                    O1 - Hosts: 204.9.190.180 logon.firstmeritib.com
                    O1 - Hosts: 204.9.190.180 login.ccfcuonline.org
                    O1 - Hosts: 204.9.190.180 ww3.etimebanker.bankofthewest.com
                    O1 - Hosts: 204.9.190.180 www.onlinebanking.lasallebank.com
                    O1 - Hosts: 204.9.190.180 wvw.totallyfreebanking.com
                    O1 - Hosts: 204.9.190.180 www.online.wellsfargo.com
                    O1 - Hosts: 204.9.190.180 ww2.onlinebanking.bankofoklahoma.com
                    O1 - Hosts: 204.9.190.180 accounts4.keybank.com
                    O1 - Hosts: 204.9.190.180 logon.bankone.com
                    O1 - Hosts: 204.9.190.180 www.secure.tdbanknorth.com
                    O1 - Hosts: 204.9.190.180 www.secure.mvnt4.com
                    O1 - Hosts: 204.9.190.180 ww.mynfbonline.com
                    O1 - Hosts: 204.9.190.180 login.forumcuonline.com
                    O1 - Hosts: 204.9.190.180 www.eds.usersonlnet.com
                    O1 - Hosts: 204.9.190.180 www.onlineid.bankofamerica.com
                    O1 - Hosts: 204.9.190.180 wvw.e-gold.com
                    O1 - Hosts: 204.9.190.180 pcbs.peoples.com
                    O1 - Hosts: 204.9.190.180 www.global1.onlinebank.com
                    O1 - Hosts: 204.9.190.180 ww2.mybranch.lafcu.com
                    O1 - Hosts: 204.9.190.180 login.webbanking.comerica.com
                    O1 - Hosts: 204.9.190.180 web.banking.firsttennessee.com
                    O1 - Hosts: 204.9.190.180 logon.members1st.org
                    O1 - Hosts: 204.9.190.180 www.cib.ibanking-services.com
                    O1 - Hosts: 204.9.190.180 www.miwebbusbank.ebanking-services.com
                    O1 - Hosts: 204.9.190.180 wvw.paypal.com
                    O1 - Hosts: 204.9.190.180 www.signin.ebay.com
                    O1 - Hosts: 204.9.190.180 www.bvi.bancodevalencia.es
                    O1 - Hosts: 204.9.190.180 extrant.banesto.es
                    O1 - Hosts: 204.9.190.180 banesnt.banesto.es
                    O1 - Hosts: 204.9.190.180 activia.caixagalicia.es
                    O1 - Hosts: 204.9.190.180 www.bancae.caixapenedes.com
                    O1 - Hosts: 204.9.190.180 login.caixasabadell.net
                    O1 - Hosts: 204.9.190.180 oii.cajamadrid.es
                    O1 - Hosts: 204.9.190.180 login.cajamar.es
                    O1 - Hosts: 204.9.190.180 login.ccm.es
                    O1 - Hosts: 204.9.190.180 ww.unicaja.es
                    O1 - Hosts: 204.9.190.180 ww.bayernlb.de
                    O1 - Hosts: 204.9.190.180 ww2.berliner-volksbank.de
                    O1 - Hosts: 204.9.190.180 ww7.homebanking-berlin.de
                    O1 - Hosts: 204.9.190.180 portal09.commerzbanking.de
                    O1 - Hosts: 204.9.190.180 www.onlinebanking.huntington.com
                    O1 - Hosts: 204.9.190.180 www.meine.deutsche-bank.de
                    O1 - Hosts: 204.9.190.180 ww2.dresdner-privat.de
                    O1 - Hosts: 204.9.190.180 ww.e-banking.helaba.de
                    O1 - Hosts: 204.9.190.180 ww.hsh-nordbank.de
                    O1 - Hosts: 204.9.190.180 www.my.hypovereinsbank.de
                    O1 - Hosts: 204.9.190.180 ww3.homebanking-berlin.de
                    O1 - Hosts: 204.9.190.180 www.banking.lbbw.de
                    O1 - Hosts: 204.9.190.180 lrp.sparkasse-banking.de
                    O1 - Hosts: 204.9.190.180 ww3.homebanking-niedersachsen.de
                    O1 - Hosts: 204.9.190.180 www.onlinebanking.norisbank.de
                    O1 - Hosts: 204.9.190.180 www.banking.postbank.de
                    O1 - Hosts: 204.9.190.180 ww.bics.fr
                    O1 - Hosts: 204.9.190.180 www.co.caixabank.fr
                    O1 - Hosts: 204.9.190.180 ww.creditmutuel.fr
                    O1 - Hosts: 204.9.190.180 internetbank.intesabci.it
                    O1 - Hosts: 204.9.190.180 ww.extensive.bancalombarda.it
                    O1 - Hosts: 204.9.190.180 wvw.csebanking.it
                    O1 - Hosts: 204.9.190.180 www.mybank.bybank.it
                    O1 - Hosts: 204.9.190.180 ww.isideonline.it
                    O1 - Hosts: 204.9.190.180 ww3.sella.it
                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
                    c:\program files\google\googletoolbar1.dll
                    O2 - BHO: FlashFXP Helper for Internet Explorer -
                    {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                    C:\WINDOWS\System32\msdxm.ocx
                    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
                    files\google\googletoolbar1.dll
                    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
                    C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
                    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                    O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
                    /autostart
                    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
                    Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
                    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
                    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\tas
                    • Gość: Kolobos Re: Prosze o sprawdzenie loga z HiJackThis IP: *.warszawa.sdi.tpnet.pl 23.06.05, 13:48
                      Chwila i znowu syf? Po co mam Ci pomagac skoro nie umiesz korzystac z internetu?

                      Usun wszystkie O1 i wklej nowy log, zainstaluj:
                      www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D ->
                      przeskanuj i wlacz ochrone przegladarki
                      www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> wlacz
                      ochrone przegladarki
                      download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
                      • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 23.06.05, 14:01
                        Logfile of HijackThis v1.99.1
                        Scan saved at 14:01:33, on 2005-06-23
                        Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
                        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\SYSTEM32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\Explorer.EXE
                        C:\WINDOWS\system32\LEXBCES.EXE
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\WINDOWS\system32\LEXPPS.EXE
                        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                        C:\Program Files\Alwil Software\Avast4\ashServ.exe
                        C:\WINDOWS\System32\netddeclnt.exe
                        C:\WINDOWS\System32\nvsvc32.exe
                        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                        C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                        C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                        C:\Program Files\QuickTime\qttask.exe
                        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                        C:\WINDOWS\System32\nbthlp.exe
                        C:\WINDOWS\System32\ctfmon.exe
                        C:\WINDOWS\System32\phqghum.EXE
                        C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                        F:\Nikon\NkView6\NkvMon.exe
                        C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                        C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
                        C:\PROGRA~1\NEOSTR~1\ComComp.exe
                        C:\PROGRA~1\NEOSTR~1\Watch.exe
                        C:\Program Files\Gadu-Gadu\gg.exe
                        C:\WINDOWS\System32\wuauclt.exe
                        C:\Program Files\Mozilla Firefox\firefox.exe
                        C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

                        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = szukaj.wp.pl
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                        www.neostrada.pl
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                        R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
                        C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
                        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                        C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
                        c:\program files\google\googletoolbar1.dll
                        O2 - BHO: FlashFXP Helper for Internet Explorer -
                        {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
                        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                        C:\WINDOWS\System32\msdxm.ocx
                        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
                        files\google\googletoolbar1.dll
                        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
                        C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
                        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                        O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
                        /autostart
                        O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
                        Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
                        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                        O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                        O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
                        O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
                        -atboottime
                        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                        Files\Real\Update_OB\realsched.exe" -osboot
                        O4 - HKLM\..\Run: [Netbios Helper] C:\WINDOWS\System32\nbthlp.exe
                        O4 - HKLM\..\Run: [KYM Control Settings] phqghum.EXE
                        O4 - HKLM\..\RunServices: [KYM Control Settings] phqghum.EXE
                        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                        O4 - HKCU\..\Run: [KYM Control Settings] phqghum.EXE
                        O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
                        Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                        O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
                        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                        Office\Office\OSA9.EXE
                        O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
                        800-840\dslmon.exe
                        O8 - Extra context menu item: &Google Search - res://c:\program
                        files\google\GoogleToolbar1.dll/cmsearch.html
                        O8 - Extra context menu item: Backward Links - res://c:\program
                        files\google\GoogleToolbar1.dll/cmbacklinks.html
                        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
                        files\google\GoogleToolbar1.dll/cmcache.html
                        O8 - Extra context menu item: Similar Pages - res://c:\program
                        files\google\GoogleToolbar1.dll/cmsimilar.html
                        O8 - Extra context menu item: Translate into English - res://c:\program
                        files\google\GoogleToolbar1.dll/cmtrans.html
                        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                        O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
                        software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
                        O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
                        67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
                        O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
                        NameServer = 194.204.152.34 217.98.63.164
                        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                        Software\Avast4\ashServ.exe
                        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                        Software\Avast4\ashMaiSv.exe" /service (file missing)
                        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                        Software\Avast4\ashWebSv.exe" /service (file missing)
                        O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
                        C:\WINDOWS\system32\LEXBCES.EXE
                        O23 - Service: Network DDE Client (NetDDEclnt) - Unknown owner -
                        C:\WINDOWS\System32\netddeclnt.exe (file missing)
                        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
                        C:\WINDOWS\System32\nvsvc32.exe

                        • Gość: Kolobos Re: Prosze o sprawdzenie loga z HiJackThis IP: *.warszawa.sdi.tpnet.pl 23.06.05, 14:25
                          Czemu nie zainstalowales żadnego programu z tych co podalem?

                          To kasujesz w hijackthis:

                          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                          O4 - HKLM\..\Run: [Netbios Helper] C:\WINDOWS\System32\nbthlp.exe
                          O4 - HKLM\..\Run: [KYM Control Settings] phqghum.EXE
                          O4 - HKLM\..\RunServices: [KYM Control Settings] phqghum.EXE
                          O4 - HKCU\..\Run: [KYM Control Settings] phqghum.EXE
                          O23 - Service: Network DDE Client (NetDDEclnt) - Unknown owner -
                          C:\WINDOWS\System32\netddeclnt.exe (file missing)

                          Zamykasz procesy w menadzerze zadan i usuwasz z dysku:
                          C:\WINDOWS\System32\netddeclnt.exe
                          C:\WINDOWS\System32\nbthlp.exe
                          C:\WINDOWS\System32\phqghum.EXE
                          • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 23.06.05, 16:12
                            Ja chyba wiem z kąd się biorą te wiry. Zawsze jak łącze się z internetem to mi
                            jakaś stronka wyskakuje z windowsa i w tedy program antywirusowy (avast) wykrywa
                            mi wira. Sprubóje jakoś zablokować tą stronke....jak się da.

                            Logfile of HijackThis v1.99.1
                            Scan saved at 16:09:09, on 2005-06-23
                            Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
                            MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                            Running processes:
                            C:\WINDOWS\System32\smss.exe
                            C:\WINDOWS\SYSTEM32\winlogon.exe
                            C:\WINDOWS\system32\services.exe
                            C:\WINDOWS\system32\lsass.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\Explorer.EXE
                            C:\WINDOWS\system32\LEXBCES.EXE
                            C:\WINDOWS\system32\spoolsv.exe
                            C:\WINDOWS\system32\LEXPPS.EXE
                            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                            C:\Program Files\Alwil Software\Avast4\ashServ.exe
                            C:\WINDOWS\System32\nvsvc32.exe
                            C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                            C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                            C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                            C:\Program Files\QuickTime\qttask.exe
                            C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                            C:\WINDOWS\System32\ctfmon.exe
                            C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                            F:\Nikon\NkView6\NkvMon.exe
                            C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
                            C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                            C:\WINDOWS\System32\wuauclt.exe
                            C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
                            C:\PROGRA~1\NEOSTR~1\ComComp.exe
                            C:\PROGRA~1\NEOSTR~1\Watch.exe
                            C:\Program Files\Tlen.pl\tlen.exe
                            C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

                            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = szukaj.wp.pl
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                            www.neostrada.pl
                            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                            R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
                            C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
                            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                            C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                            O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
                            C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
                            c:\program files\google\googletoolbar1.dll
                            O2 - BHO: FlashFXP Helper for Internet Explorer -
                            {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
                            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                            C:\WINDOWS\System32\msdxm.ocx
                            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
                            files\google\googletoolbar1.dll
                            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
                            C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
                            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                            O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
                            /autostart
                            O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
                            Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
                            O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                            O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                            O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
                            O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
                            -atboottime
                            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                            Files\Real\Update_OB\realsched.exe" -osboot
                            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                            O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
                            Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                            O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
                            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                            Office\Office\OSA9.EXE
                            O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
                            800-840\dslmon.exe
                            O8 - Extra context menu item: &Google Search - res://c:\program
                            files\google\GoogleToolbar1.dll/cmsearch.html
                            O8 - Extra context menu item: Backward Links - res://c:\program
                            files\google\GoogleToolbar1.dll/cmbacklinks.html
                            O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
                            files\google\GoogleToolbar1.dll/cmcache.html
                            O8 - Extra context menu item: Similar Pages - res://c:\program
                            files\google\GoogleToolbar1.dll/cmsimilar.html
                            O8 - Extra context menu item: Translate into English - res://c:\program
                            files\google\GoogleToolbar1.dll/cmtrans.html
                            O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                            O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
                            software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
                            O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
                            67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
                            O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
                            NameServer = 194.204.152.34 217.98.63.164
                            O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                            O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                            Software\Avast4\ashServ.exe
                            O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                            Software\Avast4\ashMaiSv.exe" /service (file missing)
                            O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                            Software\Avast4\ashWebSv.exe" /service (file missing)
                            O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
                            C:\WINDOWS\system32\LEXBCES.EXE
                            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
                            C:\WINDOWS\System32\nvsvc32.exe

                            • Gość: Kolobos Re: Prosze o sprawdzenie loga z HiJackThis IP: *.warszawa.sdi.tpnet.pl 23.06.05, 18:39
                              Jaka stronka? podaj jej adres.
                              Miales przeskanowac MS Anti Spyware zrobiles to?
                              • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 23.06.05, 18:50
                                Ta stronka to :
                                file:///C:/Documents%20and%20Settings/aa/%25SYSROOT%25/update-sp5.html
                                Sprawdz ją ale pewnie trzeba bedzie ja zablokowac i powiec czego mi ona wyskakuje.
                                Tego programu jeszcze niezainstalowałem ale moge go zainstalować....niewystarczy
                                mi avast.
                                • Gość: Kolobos Re: Prosze o sprawdzenie loga z HiJackThis IP: *.warszawa.sdi.tpnet.pl 23.06.05, 19:06
                                  Przeciez nie po to Ci podalem zebys nie instalowal! Avast to antyvirus, a
                                  Antyspyware to antyspyware, to dwie rozne rzeczy masz zainstalowac,
                                  przeskanowac i usunac co znajdzie.
                                  A to co podales to nie strona tylko plik na dysku i jest to ten trojan:
                                  www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43245
                                  I to on Ci instalowal te wszystkie smiecie.Na stronie masz podane co i gdzie w
                                  rejestrze oraz na dysku usunac.Usun caly katalog:
                                  C:/Documents and Settings/aa/%SYSROOT%/

                                  Do tego przeskanuj system tym:
                                  housecall.trendmicro.com/housecall/start_corp.asp
                                  www.windowsecurity.com/trojanscan/
                                  www.pandasoftware.com/activescan/pol/activescan_principal.htm
                                  • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 24.06.05, 12:52
                                    Logfile of HijackThis v1.99.1
                                    Scan saved at 12:51:41, on 2005-06-24
                                    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
                                    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                                    Running processes:
                                    C:\WINDOWS\System32\smss.exe
                                    C:\WINDOWS\SYSTEM32\winlogon.exe
                                    C:\WINDOWS\system32\services.exe
                                    C:\WINDOWS\system32\lsass.exe
                                    C:\WINDOWS\system32\svchost.exe
                                    C:\WINDOWS\System32\svchost.exe
                                    C:\WINDOWS\system32\LEXBCES.EXE
                                    C:\WINDOWS\system32\LEXPPS.EXE
                                    C:\WINDOWS\system32\spoolsv.exe
                                    C:\WINDOWS\Explorer.EXE
                                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                                    C:\Program Files\Alwil Software\Avast4\ashServ.exe
                                    C:\WINDOWS\System32\nvsvc32.exe
                                    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                                    C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                                    C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                                    C:\Program Files\QuickTime\qttask.exe
                                    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                                    C:\WINDOWS\System32\ctfmon.exe
                                    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                                    F:\Nikon\NkView6\NkvMon.exe
                                    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
                                    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                                    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                                    C:\WINDOWS\System32\svchost.exe
                                    C:\WINDOWS\System32\wuauclt.exe
                                    C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
                                    C:\PROGRA~1\NEOSTR~1\ComComp.exe
                                    C:\PROGRA~1\NEOSTR~1\Watch.exe
                                    C:\Program Files\Mozilla Firefox\firefox.exe
                                    C:\Program Files\Gadu-Gadu\gg.exe
                                    C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

                                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = szukaj.wp.pl
                                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                                    www.neostrada.pl
                                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
                                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                                    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
                                    C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
                                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                                    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                                    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
                                    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                                    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
                                    c:\program files\google\googletoolbar1.dll
                                    O2 - BHO: FlashFXP Helper for Internet Explorer -
                                    {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
                                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                                    C:\WINDOWS\System32\msdxm.ocx
                                    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
                                    files\google\googletoolbar1.dll
                                    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                                    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                                    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
                                    C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
                                    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                                    O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
                                    /autostart
                                    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
                                    Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
                                    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                                    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                                    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
                                    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
                                    -atboottime
                                    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                                    Files\Real\Update_OB\realsched.exe" -osboot
                                    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
                                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                                    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
                                    Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                                    O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
                                    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                                    Office\Office\OSA9.EXE
                                    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
                                    800-840\dslmon.exe
                                    O8 - Extra context menu item: &Google Search - res://c:\program
                                    files\google\GoogleToolbar1.dll/cmsearch.html
                                    O8 - Extra context menu item: Backward Links - res://c:\program
                                    files\google\GoogleToolbar1.dll/cmbacklinks.html
                                    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
                                    files\google\GoogleToolbar1.dll/cmcache.html
                                    O8 - Extra context menu item: Similar Pages - res://c:\program
                                    files\google\GoogleToolbar1.dll/cmsimilar.html
                                    O8 - Extra context menu item: Translate into English - res://c:\program
                                    files\google\GoogleToolbar1.dll/cmtrans.html
                                    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                                    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
                                    software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
                                    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
                                    67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
                                    O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
                                    NameServer = 194.204.152.34 217.98.63.164
                                    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                                    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                                    Software\Avast4\ashServ.exe
                                    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                                    Software\Avast4\ashMaiSv.exe" /service (file missing)
                                    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                                    Software\Avast4\ashWebSv.exe" /service (file missing)
                                    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
                                    C:\WINDOWS\system32\LEXBCES.EXE
                                    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
                                    C:\WINDOWS\System32\nvsvc32.exe

                                    • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 24.06.05, 14:06
                                      Zabespieczenie niumożliwiają uruchomienie formatu ActiveX. Jak to odwrucić. Bo
                                      mi blokuje niekture rzeczy.
                                      • Gość: Kolobos Re: Prosze o sprawdzenie loga z HiJackThis IP: *.warszawa.sdi.tpnet.pl 24.06.05, 16:11
                                        IE->Narzedzia->Opcje Internetowe->Zabezpieczenia->Poziom Niestandardowy i tam
                                        wybierz przy podpisanych activex na monituj, nie podpisane zostaw wylaczone bo
                                        znowu Ci sie cos zainstaluje ;-)
                                        • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 04.07.05, 18:09
                                          Logfile of HijackThis v1.99.1
                                          Scan saved at 18:08:56, on 2005-07-04
                                          Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
                                          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                                          Running processes:
                                          C:\WINDOWS\System32\smss.exe
                                          C:\WINDOWS\SYSTEM32\winlogon.exe
                                          C:\WINDOWS\system32\services.exe
                                          C:\WINDOWS\system32\lsass.exe
                                          C:\WINDOWS\system32\svchost.exe
                                          C:\WINDOWS\System32\svchost.exe
                                          C:\WINDOWS\system32\LEXBCES.EXE
                                          C:\WINDOWS\Explorer.EXE
                                          C:\WINDOWS\system32\LEXPPS.EXE
                                          C:\WINDOWS\system32\spoolsv.exe
                                          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                                          C:\Program Files\Alwil Software\Avast4\ashServ.exe
                                          C:\WINDOWS\System32\nvsvc32.exe
                                          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                                          C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                                          C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                                          C:\Program Files\QuickTime\qttask.exe
                                          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                                          C:\WINDOWS\System32\wuamkop32.exe
                                          C:\WINDOWS\System32\winssh.exe
                                          C:\WINDOWS\System32\ctfmon.exe
                                          C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                                          F:\Nikon\NkView6\NkvMon.exe
                                          C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
                                          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                                          C:\WINDOWS\System32\svchost.exe
                                          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                                          C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
                                          C:\PROGRA~1\NEOSTR~1\ComComp.exe
                                          C:\PROGRA~1\NEOSTR~1\Watch.exe
                                          C:\Program Files\Gadu-Gadu\gg.exe
                                          C:\WINDOWS\system32\cmd.exe
                                          C:\WINDOWS\System32\wuauclt.exe
                                          C:\Program Files\Mozilla Firefox\firefox.exe
                                          C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

                                          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = szukaj.wp.pl
                                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                                          www.neostrada.pl
                                          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
                                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                                          R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
                                          C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
                                          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                                          C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
                                          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
                                          c:\program files\google\googletoolbar1.dll
                                          O2 - BHO: FlashFXP Helper for Internet Explorer -
                                          {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
                                          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                                          C:\WINDOWS\System32\msdxm.ocx
                                          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
                                          files\google\googletoolbar1.dll
                                          O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program
                                          Files\YourSiteBar\ysb.dll (file missing)
                                          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                                          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                                          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
                                          C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
                                          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                                          O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
                                          /autostart
                                          O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
                                          Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
                                          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                                          O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                                          O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
                                          O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                                          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
                                          -atboottime
                                          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                                          Files\Real\Update_OB\realsched.exe" -osboot
                                          O4 - HKLM\..\Run: [Microsoft Update] wuamkop32.exe
                                          O4 - HKLM\..\Run: [Network Access] winssh.exe
                                          O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop32.exe
                                          O4 - HKLM\..\RunServices: [Network Access] winssh.exe
                                          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                                          O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
                                          Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                                          O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
                                          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                                          Office\Office\OSA9.EXE
                                          O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
                                          800-840\dslmon.exe
                                          O8 - Extra context menu item: &Google Search - res://c:\program
                                          files\google\GoogleToolbar1.dll/cmsearch.html
                                          O8 - Extra context menu item: Backward Links - res://c:\program
                                          files\google\GoogleToolbar1.dll/cmbacklinks.html
                                          O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
                                          files\google\GoogleToolbar1.dll/cmcache.html
                                          O8 - Extra context menu item: Similar Pages - res://c:\program
                                          files\google\GoogleToolbar1.dll/cmsimilar.html
                                          O8 - Extra context menu item: Translate into English - res://c:\program
                                          files\google\GoogleToolbar1.dll/cmtrans.html
                                          O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                                          O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
                                          software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
                                          O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
                                          67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
                                          O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
                                          NameServer = 194.204.152.34 217.98.63.164
                                          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                                          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                                          O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                                          Software\Avast4\ashServ.exe
                                          O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                                          Software\Avast4\ashMaiSv.exe" /service (file missing)
                                          O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                                          Software\Avast4\ashWebSv.exe" /service (file missing)
                                          O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
                                          C:\WINDOWS\system32\LEXBCES.EXE
                                          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
                                          C:\WINDOWS\System32\nvsvc32.exe

                                          • Gość: Kolobos Re: Prosze o sprawdzenie loga z HiJackThis IP: *.warszawa.sdi.tpnet.pl 04.07.05, 18:34
                                            No i co znowu sie zarobaczyles? Wystarczylo pare dni i juz, tak bedziesz
                                            wklejal co chwile?

                                            Wpisy kasujesz, pliki usuwasz:
                                            O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program
                                            Files\YourSiteBar\ysb.dll (file missing)
                                            O4 - HKLM\..\Run: [Microsoft Update] wuamkop32.exe
                                            O4 - HKLM\..\Run: [Network Access] winssh.exe
                                            O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop32.exe
                                            O4 - HKLM\..\RunServices: [Network Access] winssh.exe

                                            I postaraj sie juz nie psuc znowu.

                                            Moze to Ci troche pomoze:
                                            www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D ->
                                            przeskanuj i wlacz ochrone przegladarki
                                            www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> wlacz
                                            ochrone przegladarki
                                            download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
                                            • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 04.07.05, 20:38
                                              SpyBot S&D wykrył mi 47 problemów, mam je usunąć czy podać Ci jakie to są pliki.
                                              Bo jak klikam na "Napraw zaznaczone problemy" to mi wyskakuje okienko "Masz
                                              zamiar usunąć zaznaczone wpisy. Czy chcesz kontynuować?
                                              • Gość: Kolobos Re: Prosze o sprawdzenie loga z HiJackThis IP: *.warszawa.sdi.tpnet.pl 04.07.05, 21:29
                                                Mozesz usunac nic zlego sie nie stanie.To same ciastka itp dlatego jest ich tak
                                                duzo.
                                                • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 05.07.05, 16:05
                                                  Może wiesz skąd mogę ściągnąć spolszczenie do Microsoft AntiSpyware, jak nie to
                                                  może jest jakaś polska stronka gdzie jest wytłumaczone jak obsługiwać się tym
                                                  programem. Jak nic z tych rzeczy niema to powiec mi jak obsługiwać się
                                                  "Real-time Protection". Chodzi mi o to jak włączyć jaką kolwiek ochronę w tym
                                                  programie.
                                                  • Gość: Kolobos Re: Prosze o sprawdzenie loga z HiJackThis IP: *.warszawa.sdi.tpnet.pl 05.07.05, 16:40
                                                    Polskiej wersji jeszcze nie ma, co do spolszczenia to nie wiem ale pewnie tez
                                                    nie ma.Do tego sam nie mam zainstalowanego AntiSpyware wiec Ci nie napisze co i
                                                    jak :(
                                                    Ale pewnie wystarczy nacisnac Enable Real-time Protection.
                                                  • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 08.07.05, 15:36
                                                    Logfile of HijackThis v1.99.1
                                                    Scan saved at 15:35:54, on 2005-07-08
                                                    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
                                                    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                                                    Running processes:
                                                    C:\WINDOWS\System32\smss.exe
                                                    C:\WINDOWS\SYSTEM32\winlogon.exe
                                                    C:\WINDOWS\system32\services.exe
                                                    C:\WINDOWS\system32\lsass.exe
                                                    C:\WINDOWS\system32\svchost.exe
                                                    C:\WINDOWS\System32\svchost.exe
                                                    C:\WINDOWS\Explorer.EXE
                                                    C:\WINDOWS\system32\LEXBCES.EXE
                                                    C:\WINDOWS\system32\spoolsv.exe
                                                    C:\WINDOWS\system32\LEXPPS.EXE
                                                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                                                    C:\Program Files\Alwil Software\Avast4\ashServ.exe
                                                    C:\WINDOWS\System32\nvsvc32.exe
                                                    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                                                    C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                                                    C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                                                    C:\Program Files\QuickTime\qttask.exe
                                                    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                                                    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
                                                    C:\WINDOWS\System32\wuamkop32.exe
                                                    C:\WINDOWS\System32\ctfmon.exe
                                                    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                                                    F:\Nikon\NkView6\NkvMon.exe
                                                    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
                                                    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                                                    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                                                    C:\WINDOWS\System32\svchost.exe
                                                    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
                                                    C:\WINDOWS\System32\wuauclt.exe
                                                    C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
                                                    C:\PROGRA~1\NEOSTR~1\ComComp.exe
                                                    C:\PROGRA~1\NEOSTR~1\Watch.exe
                                                    C:\Program Files\Gadu-Gadu\gg.exe
                                                    C:\Program Files\Internet Explorer\iexplore.exe
                                                    C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

                                                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
                                                    szukaj.wp.pl
                                                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                                                    www.neostrada.pl
                                                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                                                    www.neostrada.pl
                                                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
                                                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                                                    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
                                                    C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
                                                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                                                    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file
                                                    missing)
                                                    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
                                                    \SPYBOT~1\SDHelper.dll
                                                    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
                                                    c:\program files\google\googletoolbar1.dll
                                                    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-
                                                    90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
                                                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                                                    C:\WINDOWS\System32\msdxm.ocx
                                                    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
                                                    files\google\googletoolbar1.dll
                                                    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
                                                    \NvCpl.dll,NvStartup
                                                    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                                                    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
                                                    \NvMcTray.dll,NvTaskbarInit
                                                    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                                                    O4 - HKLM\..\Run: [PowerDVD] C:\Program
                                                    Files\CyberLink\PowerDVD\PowerDVD.exe /autostart
                                                    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
                                                    Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
                                                    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                                                    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                                                    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
                                                    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                                                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
                                                    atboottime
                                                    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                                                    Files\Real\Update_OB\realsched.exe" -osboot
                                                    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
                                                    AntiSpyware\gcasServ.exe"
                                                    O4 - HKLM\..\Run: [Microsoft Update] wuamkop32.exe
                                                    O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop32.exe
                                                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                                                    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
                                                    Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                                                    O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
                                                    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                                                    Office\Office\OSA9.EXE
                                                    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
                                                    \dslmon.exe
                                                    O8 - Extra context menu item: &Google Search - res://c:\program
                                                    files\google\GoogleToolbar1.dll/cmsearch.html
                                                    O8 - Extra context menu item: Backward Links - res://c:\program
                                                    files\google\GoogleToolbar1.dll/cmbacklinks.html
                                                    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
                                                    files\google\GoogleToolbar1.dll/cmcache.html
                                                    O8 - Extra context menu item: Similar Pages - res://c:\program
                                                    files\google\GoogleToolbar1.dll/cmsimilar.html
                                                    O8 - Extra context menu item: Translate into English - res://c:\program
                                                    files\google\GoogleToolbar1.dll/cmtrans.html
                                                    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                                                    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
                                                    software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
                                                    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
                                                    67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
                                                    O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
                                                    NameServer = 194.204.152.34 217.98.63.164
                                                    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                                                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                                                    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                                                    Software\Avast4\ashServ.exe
                                                    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                                                    Software\Avast4\ashMaiSv.exe" /service (file missing)
                                                    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                                                    Software\Avast4\ashWebSv.exe" /service (file missing)
                                                    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
                                                    C:\WINDOWS\system32\LEXBCES.EXE
                                                    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
                                                    C:\WINDOWS\System32\nvsvc32.exe

                                                  • Gość: Kolobos Re: Prosze o sprawdzenie loga z HiJackThis IP: *.warszawa.sdi.tpnet.pl 08.07.05, 15:51
                                                    No i znowu:
                                                    O4 - HKLM\..\Run: [Microsoft Update] wuamkop32.exe
                                                    O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop32.exe

                                                    Pliki usun w trybie awaryjnym czy jak tam chcesz.

                                                    Nie bede Ci co chwile sprawdzal loga...
                                                  • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 15.07.05, 20:56
                                                    Logfile of HijackThis v1.99.1
                                                    Scan saved at 20:52:06, on 2005-07-15
                                                    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
                                                    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                                                    Running processes:
                                                    C:\WINDOWS\System32\smss.exe
                                                    C:\WINDOWS\SYSTEM32\winlogon.exe
                                                    C:\WINDOWS\system32\services.exe
                                                    C:\WINDOWS\system32\lsass.exe
                                                    C:\WINDOWS\system32\svchost.exe
                                                    C:\WINDOWS\System32\svchost.exe
                                                    C:\WINDOWS\Explorer.EXE
                                                    C:\WINDOWS\system32\LEXBCES.EXE
                                                    C:\WINDOWS\system32\spoolsv.exe
                                                    C:\WINDOWS\system32\LEXPPS.EXE
                                                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                                                    C:\Program Files\Alwil Software\Avast4\ashServ.exe
                                                    C:\WINDOWS\System32\nvsvc32.exe
                                                    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                                                    C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                                                    C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                                                    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                                                    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
                                                    C:\WINDOWS\System32\ctfmon.exe
                                                    F:\Nikon\NkView6\NkvMon.exe
                                                    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
                                                    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                                                    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                                                    C:\WINDOWS\System32\svchost.exe
                                                    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
                                                    C:\WINDOWS\System32\wuauclt.exe
                                                    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
                                                    C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

                                                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                                                    www.neostrada.pl
                                                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                                                    www.neostrada.pl
                                                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
                                                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                                                    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
                                                    C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
                                                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                                                    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
                                                    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
                                                    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                                                    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
                                                    c:\program files\google\googletoolbar1.dll
                                                    O2 - BHO: FlashFXP Helper for Internet Explorer -
                                                    {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
                                                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                                                    C:\WINDOWS\System32\msdxm.ocx
                                                    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
                                                    files\google\googletoolbar1.dll
                                                    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                                                    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                                                    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
                                                    C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
                                                    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                                                    O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
                                                    /autostart
                                                    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
                                                    Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
                                                    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                                                    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                                                    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
                                                    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                                                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
                                                    -atboottime
                                                    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                                                    Files\Real\Update_OB\realsched.exe" -osboot
                                                    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
                                                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                                                    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
                                                    Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                                                    O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
                                                    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                                                    Office\Office\OSA9.EXE
                                                    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
                                                    800-840\dslmon.exe
                                                    O8 - Extra context menu item: &Google Search - res://c:\program
                                                    files\google\GoogleToolbar1.dll/cmsearch.html
                                                    O8 - Extra context menu item: Backward Links - res://c:\program
                                                    files\google\GoogleToolbar1.dll/cmbacklinks.html
                                                    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
                                                    files\google\GoogleToolbar1.dll/cmcache.html
                                                    O8 - Extra context menu item: Similar Pages - res://c:\program
                                                    files\google\GoogleToolbar1.dll/cmsimilar.html
                                                    O8 - Extra context menu item: Translate into English - res://c:\program
                                                    files\google\GoogleToolbar1.dll/cmtrans.html
                                                    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                                                    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
                                                    software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
                                                    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
                                                    67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
                                                    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                                                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                                                    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                                                    Software\Avast4\ashServ.exe
                                                    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                                                    Software\Avast4\ashMaiSv.exe" /service (file missing)
                                                    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                                                    Software\Avast4\ashWebSv.exe" /service (file missing)
                                                    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
                                                    C:\WINDOWS\system32\LEXBCES.EXE
                                                    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
                                                    C:\WINDOWS\System32\nvsvc32.exe

                                                  • Gość: Kolobos Re: Prosze o sprawdzenie loga z HiJackThis IP: *.warszawa.sdi.tpnet.pl 15.07.05, 21:56
                                                    Wyglada ok.
                                                  • Gość: Michał Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 08.08.05, 11:54
                                                    Logfile of HijackThis v1.99.1
                                                    Scan saved at 11:53:57, on 2005-08-08
                                                    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
                                                    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                                                    Running processes:
                                                    C:\WINDOWS\System32\smss.exe
                                                    C:\WINDOWS\SYSTEM32\winlogon.exe
                                                    C:\WINDOWS\system32\services.exe
                                                    C:\WINDOWS\system32\lsass.exe
                                                    C:\WINDOWS\system32\svchost.exe
                                                    C:\WINDOWS\System32\svchost.exe
                                                    C:\WINDOWS\Explorer.EXE
                                                    C:\WINDOWS\system32\LEXBCES.EXE
                                                    C:\WINDOWS\system32\spoolsv.exe
                                                    C:\WINDOWS\system32\LEXPPS.EXE
                                                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                                                    C:\Program Files\Alwil Software\Avast4\ashServ.exe
                                                    C:\WINDOWS\System32\nvsvc32.exe
                                                    C:\WINDOWS\System32\svchost.exe
                                                    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                                                    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                                                    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                                                    C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                                                    C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                                                    C:\Program Files\QuickTime\qttask.exe
                                                    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                                                    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
                                                    C:\WINDOWS\System32\ctfmon.exe
                                                    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                                                    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
                                                    F:\Nikon\NkView6\NkvMon.exe
                                                    C:\WINDOWS\System32\wuauclt.exe
                                                    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
                                                    C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
                                                    C:\PROGRA~1\NEOSTR~1\ComComp.exe
                                                    C:\PROGRA~1\NEOSTR~1\Watch.exe
                                                    C:\Program Files\Gadu-Gadu\gg.exe
                                                    C:\Program Files\Internet Explorer\iexplore.exe
                                                    C:\Documents and Settings\aa\Pulpit\hijackthis\HijackThis.exe

                                                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
                                                    szukaj.wp.pl
                                                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                                                    www.neostrada.pl
                                                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                                                    www.neostrada.pl
                                                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
                                                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                                                    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
                                                    C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
                                                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                                                    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file
                                                    missing)
                                                    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
                                                    \SPYBOT~1\SDHelper.dll
                                                    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-
                                                    90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
                                                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                                                    C:\WINDOWS\System32\msdxm.ocx
                                                    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
                                                    \NvCpl.dll,NvStartup
                                                    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                                                    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
                                                    \NvMcTray.dll,NvTaskbarInit
                                                    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                                                    O4 - HKLM\..\Run: [PowerDVD] C:\Program
                                                    Files\CyberLink\PowerDVD\PowerDVD.exe /autostart
                                                    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
                                                    Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
                                                    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                                                    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                                                    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
                                                    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
                                                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
                                                    atboottime
                                                    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                                                    Files\Real\Update_OB\realsched.exe" -osboot
                                                    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
                                                    AntiSpyware\gcasServ.exe"
                                                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                                                    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
                                                    Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                                                    O4 - Global Startup: NkvMon.exe.lnk = F:\Nikon\NkView6\NkvMon.exe
                                                    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                                                    Office\Office\OSA9.EXE
                                                    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
                                                    \dslmon.exe
                                                    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                                                    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
                                                    software-dl.real.com/093c3c08ad15bb9df219/netzip/RdxIE601.cab
                                                    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
                                                    67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
                                                    O17 - HKLM\System\CCS\Services\Tcpip\..\{C176CAA2-4703-4EDD-811D-B92435320F69}:
                                                    NameServer = 194.204.152.34 217.98.63.164
                                                    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                                                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                                                    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                                                    Software\Avast4\ashServ.exe
                                                    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                                                    Software\Avast4\ashMaiSv.exe" /service (file missing)
                                                    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                                                    Software\Avast4\ashWebSv.exe" /service (file missing)
                                                    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
                                                    C:\WINDOWS\system32\LEXBCES.EXE
                                                    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
                                                    C:\WINDOWS\System32\nvsvc32.exe

                                                  • Gość: Kolobos Re: Prosze o sprawdzenie loga z HiJackThis IP: *.warszawa.sdi.tpnet.pl 08.08.05, 17:19
                                                    Po co ten log? Jak jest ok to sprawdzaj sam na www.hijackthis.de
                                                  • Gość: kbkaK Re: Prosze o sprawdzenie loga z HiJackThis IP: *.neoplus.adsl.tpnet.pl 08.08.05, 21:31
                                                    Kolobos, ja Cię nie pytam skąd Ty to wszystko wiesz, ja Cię pytam, skąd Ty masz
                                                    tyle cierpliwości.

                                                    ...

                                                    A Michaś ma takie hobby, że wkleja logi
                                                  • Gość: Kolobos Re: Prosze o sprawdzenie loga z HiJackThis IP: *.warszawa.sdi.tpnet.pl 08.08.05, 22:37
                                                    Moja cierpliwosc owocuje poszerzaniem mojej wiedzy, wiec czemu mialbym nie byc
                                                    cierpliwy? :>
                                                  • Gość: Basia Re: Prosze o sprawdzenie loga z HiJackThis IP: 80.51.249.* 09.08.05, 14:12
                                                    Na tym forum mozna zglupiec a nie poszerzac wiedze :)

Nie pamiętasz hasła

lub ?

 

Nie masz jeszcze konta? Zarejestruj się

Nakarm Pajacyka