please check my log

IP: *.neoplus.adsl.tpnet.pl 25.07.05, 10:35
Logfile of HijackThis v1.99.1
Scan saved at 10:36:53, on 2005-07-25
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\WINDOWS\System32\soun.pif
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\tool2.exe
c:\windows\system32\mdms.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\Documents and Settings\Wątroba.W-HB0802LYSBEX5
\Pulpit\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
195.95.218.172/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
195.95.218.172/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} -
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3 x.full-tgp.net
O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
O1 - Hosts: 127.0.0.3 autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.pi..to.biz
O1 - Hosts: 127.0.0.3 pi..to.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 127.0.0.3 virgin-tgp.net
O1 - Hosts: 127.0.0.3 www.awmcash.biz
O1 - Hosts: 127.0.0.3 awmcash.biz
O1 - Hosts: 127.0.0.3 buldog-stats.com
O1 - Hosts: 127.0.0.3 www.buldog-stats.com
O1 - Hosts: 127.0.0.3 fregat.drocherway.com
O1 - Hosts: 127.0.0.3 slutmania.biz
O1 - Hosts: 127.0.0.3 www.slutmania.biz
O1 - Hosts: 127.0.0.3 toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.megapornix.com
O1 - Hosts: 127.0.0.3 megapornix.com
O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
O1 - Hosts: 127.0.0.3 sp2fucked.biz
O1 - Hosts: 127.0.0.3 greg-tut.com
O1 - Hosts: 127.0.0.3 www.greg-tut.com
O1 - Hosts: 127.0.0.3 nylonsexy.com
O1 - Hosts: 127.0.0.3 www.nylonsexy.com
O1 - Hosts: 127.0.0.3 vparivalka.com
O1 - Hosts: 127.0.0.3 www.vparivalka.com
O1 - Hosts: 127.0.0.3 iframeprofit.com
O1 - Hosts: 127.0.0.3 www.iframeprofit.com
O1 - Hosts: 127.0.0.3 topsearch10.com
O1 - Hosts: 127.0.0.3 www.topsearch10.com
O1 - Hosts: 127.0.0.3 statscash.biz
O1 - Hosts: 127.0.0.3 www.statscash.biz
O1 - Hosts: 127.0.0.3 vxiframe.biz
O1 - Hosts: 127.0.0.3 www.vxiframe.biz
O1 - Hosts: 127.0.0.3 crazy-toolbar.com
O1 - Hosts: 127.0.0.3 www.crazy-toolbar.com
O1 - Hosts: 127.0.0.3 topcash.biz
O1 - Hosts: 127.0.0.3 www.topcash.biz
O1 - Hosts: 127.0.0.3 loadcash.biz
O1 - Hosts: 127.0.0.3 www.loadcash.biz
O1 - Hosts: 127.0.0.3 txiframe.biz
O1 - Hosts: 127.0.0.3 www.txiframe.biz
O1 - Hosts: 127.0.0.3 procounter.biz
O1 - Hosts: 127.0.0.3 www.procounter.biz
O1 - Hosts: 127.0.0.3 advadmin.biz
O1 - Hosts: 127.0.0.3 www.advadmin.biz
O1 - Hosts: 127.0.0.3 trafficbest.net
O1 - Hosts: 127.0.0.3 www.trafficbest.net
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-
5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Msxml32DOMDocument Class - {6E28339B-7A2A-47B6-AEB2-46BA53782379} -
C:\WINDOWS\System32\dllcache\msxml32.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
D:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [SOUNDMAN Microsoft Help] soun.pif
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKLM\..\RunServices: [SOUNDMAN Microsoft Help] soun.pif
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\Powergg.exe" /tray
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\tool2.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program
Files\Microsoft Office\Office\1045\OLFSNT40.EXE
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera -
C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program
Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... -
C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Podświetl - C:\Program Files\Avant
Browser\Highlight.htm
O8 - Extra context menu item: Szukaj - C:\Program Files\Avant
Browser\Search.htm
O8 - Extra context menu item: Ściągnij przy pomocy Flas
    • Guest: Kolobos Re: please check my log IP: *.warszawa.sdi.tpnet.pl 25.07.05, 10:43
      You don't have an SP, so what do you need a system like that for?

      download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
      www.avast.com/eng/avast_4_home.html
      download.ewido.net/ewido-setup.exe
      www.firewallleaktester.com/tools/wwdc.exe
      www.searchengines.pl/phpbb203/index.php?s=5debf1bfeab0c89e54567f66c39699f0&act=Attach&type=post&id=459

      Only then can you paste the log.
    • Guest: pinex Re: please check my log IP: *.neoplus.adsl.tpnet.pl 25.07.05, 14:06
      Logfile of HijackThis v1.99.1
      Scan saved at 14:07:50, on 2005-07-25
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\logonui.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\WINDOWS\SOUNDMAN.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\PROGRA~1\NEOSTR~1\CnxMon.exe
      C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
      C:\WINDOWS\System32\soun.pif
      C:\windows\system32\mdms.exe
      C:\Program Files\AutoConnect\AutoConnect.exe
      C:\winstall.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\WINDOWS\tool2.exe
      C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Avant Browser\avant.exe
      C:\Documents and Settings\Wątroba.W-HB0802LYSBEX5
      \Pulpit\hijackthis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      195.95.218.172/index.php
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      195.95.218.172/index.php
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      195.95.218.172/index.php
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      195.95.218.172/index.php
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      195.95.218.172/index.php
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      195.95.218.172/index.php
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} -
      C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
      C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
      O1 - Hosts: 216.138.184.21 onlineaccounts2.abbeynational.co.uk
      O1 - Hosts: 216.138.184.21 www3.aibgbonline.co.uk
      O1 - Hosts: 216.138.184.21 www.bank.alliance-leicester.co.uk
      O1 - Hosts: 216.138.184.21 login.iblogin.com
      O1 - Hosts: 216.138.184.21 ww2.bankofscotlandhalifax-online.co.uk
      O1 - Hosts: 216.138.184.21 inet.barclays.co.uk
      O1 - Hosts: 216.138.184.21 iibank.barclays.co.uk
      O1 - Hosts: 216.138.184.21 iibank.cahoot.com
      O1 - Hosts: 216.138.184.21 www3.coventrybuildingsociety.co.uk
      O1 - Hosts: 216.138.184.21 ww.hsbc.co.uk
      O1 - Hosts: 216.138.184.21 login.ebank.offshore.hsbc.co.je
      O1 - Hosts: 216.138.184.21 ww3.online-offshore.lloydstsb.com
      O1 - Hosts: 216.138.184.21 ww3.online-business.lloydstsb.co.uk
      O1 - Hosts: 216.138.184.21 ww3.online.lloydstsb.co.uk
      O1 - Hosts: 216.138.184.21 ww3.online.lloydstsb.co.uk
      O1 - Hosts: 216.138.184.21 ww3.online-business.lloydstsb.co.uk
      O1 - Hosts: 216.138.184.21 ob2.nationet.com
      O1 - Hosts: 216.138.184.21 ww3.onlinebanking.natwestoffshore.com
      O1 - Hosts: 216.138.184.21 ww1.nwolb.com
      O1 - Hosts: 216.138.184.21 ww1.onlinebanking.iombank.com
      O1 - Hosts: 216.138.184.21 ww1.www.rbsdigital.com
      O1 - Hosts: 216.138.184.21 welcome.smile.co.uk
      O1 - Hosts: 216.138.184.21 login.365online.com
      O1 - Hosts: 216.138.184.21 wvw.citizensbankonline.com
      O1 - Hosts: 216.138.184.21 esecure.regionsnet.com
      O1 - Hosts: 216.138.184.21 rollb.associatedbank.com
      O1 - Hosts: 216.138.184.21 upb.unionplanters.com
      O1 - Hosts: 216.138.184.21 www.onlinebanking.huntington.com
      O1 - Hosts: 216.138.184.21 inet.southtrustonlinebanking.com
      O1 - Hosts: 216.138.184.21 logon.personal.wamu.com
      O1 - Hosts: 216.138.184.21 login.compassweb.com
      O1 - Hosts: 216.138.184.21 logon.firstmeritib.com
      O1 - Hosts: 216.138.184.21 login.ccfcuonline.org
      O1 - Hosts: 216.138.184.21 ww3.etimebanker.bankofthewest.com
      O1 - Hosts: 216.138.184.21 ww2.onlinebanking.lasallebank.com
      O1 - Hosts: 216.138.184.21 wvw.totallyfreebanking.com
      O1 - Hosts: 216.138.184.21 www.online.wellsfargo.com
      O1 - Hosts: 216.138.184.21 www.onlinebanking.bankofoklahoma.com
      O1 - Hosts: 216.138.184.21 accounts4.keybank.com
      O1 - Hosts: 216.138.184.21 logon.bankone.com
      O1 - Hosts: 216.138.184.21 www.secure.tdbanknorth.com
      O1 - Hosts: 216.138.184.21 www.secure.mvnt4.com
      O1 - Hosts: 216.138.184.21 ww.mynfbonline.com
      O1 - Hosts: 216.138.184.21 login.forumcuonline.com
      O1 - Hosts: 216.138.184.21 www.eds.usersonlnet.com
      O1 - Hosts: 216.138.184.21 www.onlineid.bankofamerica.com
      O1 - Hosts: 216.138.184.21 wvw.e-gold.com
      O1 - Hosts: 216.138.184.21 pcbs.peoples.com
      O1 - Hosts: 216.138.184.21 www.global1.onlinebank.com
      O1 - Hosts: 216.138.184.21 ww2.mybranch.lafcu.com
      O1 - Hosts: 216.138.184.21 login.webbanking.comerica.com
      O1 - Hosts: 216.138.184.21 web.banking.firsttennessee.com
      O1 - Hosts: 216.138.184.21 logon.members1st.org
      O1 - Hosts: 216.138.184.21 www.cib.ibanking-services.com
      O1 - Hosts: 216.138.184.21 www.miwebbusbank.ebanking-services.com
      O1 - Hosts: 216.138.184.21 wvw.paypal.com
      O1 - Hosts: 216.138.184.21 wvw.etrade.com
      O1 - Hosts: 216.138.184.21 ww4.fleethomelink.fleet.com
      O1 - Hosts: 216.138.184.21 ww3.connect.skyfi.com
      O1 - Hosts: 216.138.184.21 www6.usbank.com
      O1 - Hosts: 216.138.184.21 www.bvi.bancodevalencia.es
      O1 - Hosts: 216.138.184.21 extrant.banesto.es
      O1 - Hosts: 216.138.184.21 banesnt.banesto.es
      O1 - Hosts: 216.138.184.21 activia.caixagalicia.es
      O1 - Hosts: 216.138.184.21 www.bancae.caixapenedes.com
      O1 - Hosts: 216.138.184.21 login.caixasabadell.net
      O1 - Hosts: 216.138.184.21 oii.cajamadrid.es
      O1 - Hosts: 216.138.184.21 login.cajamar.es
      O1 - Hosts: 216.138.184.21 login.ccm.es
      O1 - Hosts: 216.138.184.21 ww.unicaja.es
      O1 - Hosts: 216.138.184.21 www5.bancopopular.es
      O1 - Hosts: 216.138.184.21 ww3.bbvanet.com
      O1 - Hosts: 216.138.184.21 ww.bayernlb.de
      O1 - Hosts: 216.138.184.21 ww2.berliner-volksbank.de
      O1 - Hosts: 216.138.184.21 ww7.homebanking-berlin.de
      O1 - Hosts: 216.138.184.21 portal09.commerzbanking.de
      O1 - Hosts: 216.138.184.21 www.meine.deutsche-bank.de
      O1 - Hosts: 216.138.184.21 ww2.dresdner-privat.de
      O1 - Hosts: 216.138.184.21 ww.e-banking.helaba.de
      O1 - Hosts: 216.138.184.21 ww.hsh-nordbank.de
      O1 - Hosts: 216.138.184.21 www.my.hypovereinsbank.de
      O1 - Hosts: 216.138.184.21 ww3.homebanking-berlin.de
      O1 - Hosts: 216.138.184.21 ww3.homebanking-berlin.de
      O1 - Hosts: 216.138.184.21 www.banking.lbbw.de
      O1 - Hosts: 216.138.184.21 lrp.sparkasse-banking.de
      O1 - Hosts: 216.138.184.21 ww3.homebanking-niedersachsen.de
      O1 - Hosts: 216.138.184.21 www.onlinebanking.norisbank.de
      O1 - Hosts: 216.138.184.21 www.banking.postbank.de
      O1 - Hosts: 216.138.184.21 wvw.internetbanking.gad.de
      O1 - Hosts: 216.138.184.21 ww1.portal.izb.de
      O1 - Hosts: 216.138.184.21 wvw.kunden-service.lbs.de
      O1 - Hosts: 216.138.184.21 ibanking.seb.de
      O1 - Hosts: 216.138.184.21 bw7.sparkasse-banking.de
      O1 - Hosts: 216.138.184.21 ww2.homebanking-sparkasse.de
      O1 - Hosts: 216.138.184.21 ww2.vr-networld-ebanking.de
      O1 - Hosts: 216.138.184.21 ww.bics.fr
      O1 - Hosts: 216.138.184.21 www.co.caixabank.fr
      O1 - Hosts: 216.138.184.21 ww.creditmutuel.fr
      O1 - Hosts: 216.138.184.21 internetbank.intesabci.it
      O1 - Hosts: 216.138.184.21 ww.extensive.bancalombarda.it
      O1 - Hosts: 216.138.184.21 wvw.csebanking.it
      O2 - BHO: MyWebSearch
      • neder Re: please check my log 25.07.05, 14:47
        it's probably worse than it was ;p in any case the log is cut off even earlier
        than before.

        boot into safe mode and delete:
        > mdms.exe -> from C:\windows\system32\ -> also read about it here (about the
        registry entries, etc.): www.sophos.com/virusinfo/analyses/w32sdbotch.html
        > Wątroba.W-HB0802LYSBEX5 -> from C:\Documents and Settings\
        > winstall.exe -> from C:\
        > tool2.exe -> from C:\WINDOWS\
        > C:\Program Files\AutoConnect\AutoConnect.exe -> do you know what this is? if you
        didn't install it, delete it
        > MyWebSearch from Program Files

        in HJ you delete:
        > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        > 195.95.218.172/index.php
        > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        > 195.95.218.172/index.php
        > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        > 195.95.218.172/index.php
        > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
        > 195.95.218.172/index.php
        > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        > 195.95.218.172/index.php
        > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        > 195.95.218.172/index.php
        > R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} -
        > C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
        and all the O1 entries that still turn up in the log (delete the O15 ones right
        away too, because you probably have a few of those as well, and since the whole
        log didn't fit they can't be seen)

        reboot and post a new log
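
A triage of the O1 (hosts file) entries discussed in this thread, as an added example that is not part of any post: it rejoins forum-wrapped log lines and separates names pinned to a loopback address from names redirected to a routable address. The sample log, its addresses and hostnames are constructed, and `join_wrapped` and `triage_hosts` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample in the HijackThis 1.99.1 layout (not taken from the thread).
# Forum software wraps long entries, so a continuation line has no "Xn - " prefix.
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page =
203.0.113.10/index.php
O1 - Hosts: 127.0.0.3 ads.tracker.example
O1 - Hosts: 127.0.0.3 www.ads.tracker.example
O1 - Hosts: 203.0.113.10 login.bank.example
O1 - Hosts: 203.0.113.10 www.payments.example
O1 - Hosts: 203.0.113.10 login.bank.example
O1 - Hosts: 203.0.113.10 secure.broker.example
O1 -
O4 - HKLM\\..\\Run: [Updater] C:\\WINDOWS\\System32
\\updater.exe
"""

# Section codes used by HijackThis: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) -(?: (.*))?$")


def join_wrapped(text):
    """Return [(section, body)] with wrapped continuation lines rejoined."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if match:
            entries.append([match.group(1), (match.group(2) or "").rstrip()])
        elif not line:
            # A blank line closes the entry so later prose is not glued onto it.
            entries.append(None)
        elif entries and entries[-1] is not None:
            body = entries[-1][1]
            # A break inside a path or a GUID must be joined without a space.
            tight = line.startswith("\\") or (
                body.endswith("-") and not body.endswith(" -")
            )
            entries[-1][1] = body + ("" if tight else " ") + line
    return [tuple(e) for e in entries if e is not None]


def triage_hosts(text):
    """Group O1 hosts entries by target address and label each address.

    'loopback-block' : the name is pinned to 127.0.0.0/8 or 0.0.0.0, so it
                       simply stops resolving to the real site.
    'redirect'       : the name resolves to some other machine, which is what
                       a hosts-file hijack of login pages looks like.
    """
    report = {}
    for section, body in join_wrapped(text):
        if section != "O1" or not body.startswith("Hosts:"):
            continue
        fields = body[len("Hosts:"):].split()
        if len(fields) < 2:
            continue  # truncated entry, e.g. a bare "O1 -" at the cut-off point
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an IP literal, leave it for manual review
        local = address.is_loopback or address.is_unspecified
        slot = report.setdefault(
            str(address),
            {"kind": "loopback-block" if local else "redirect", "hosts": []},
        )
        if fields[1] not in slot["hosts"]:  # logs often repeat the same line
            slot["hosts"].append(fields[1])
    return report


if __name__ == "__main__":
    for address, info in triage_hosts(SAMPLE_LOG).items():
        print(f"{address:15} {info['kind']:15} {len(info['hosts'])} name(s)")
        for host in info["hosts"]:
            print(f"    {host}")
```
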
        • Guest: Kolobos Re: please check my log IP: *.warszawa.sdi.tpnet.pl 25.07.05, 15:07
          The programs I listed should clean out most of this junk, so I guess the author
          of the post didn't use them properly.


          A description of how to fix the wallpaper is here:
          www.searchengines.pl/phpbb203/index.php?showtopic=31936
          at the very bottom.
          • Guest: pinex Re: please check my log IP: *.neoplus.adsl.tpnet.pl 25.07.05, 15:37
            Logfile of HijackThis v1.99.1
            Scan saved at 15:36:28, on 2005-07-25
            Platform: Windows XP (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 (6.00.2600.0000)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\LEXBCES.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\system32\LEXPPS.EXE
            C:\WINDOWS\SOUNDMAN.EXE
            C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            C:\PROGRA~1\NEOSTR~1\CnxMon.exe
            C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
            C:\WINDOWS\System32\soun.pif
            C:\windows\system32\mdms.exe
            C:\Program Files\AutoConnect\AutoConnect.exe
            C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            C:\Program Files\Alwil Software\Avast4\ashServ.exe
            C:\WINDOWS\System32\nvsvc32.exe
            C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
            C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
            C:\Program Files\Gadu-Gadu\gg.exe
            C:\WINDOWS\system32\cmd.exe
            C:\Program Files\Avant Browser\avant.exe
            C:\WINDOWS\System32\wuauclt.exe
            C:\Documents and Settings\Wątroba.W-HB0802LYSBEX5
            \Pulpit\hijackthis\HijackThis.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
            C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
            R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} -
            C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
            O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-
            5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
            C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
            O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1
            \FLASHGET\jccatch.dll
            O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINDOWS\System32\msdxm.ocx
            O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
            \NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
            O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
            O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
            O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
            O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
            O4 - HKLM\..\Run: [SOUNDMAN Microsoft Help] soun.pif
            O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
            O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
            AntiSpyware\gcasServ.exe"
            O4 - HKLM\..\RunServices: [SOUNDMAN Microsoft Help] soun.pif
            O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\Powergg.exe" /tray
            O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
            O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
            O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
            \dslmon.exe
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
            Office\Office\OSA9.EXE
            O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program
            Files\Microsoft Office\Office\1045\OLFSNT40.EXE
            O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera -
            C:\Program Files\Avant Browser\AddAllToADBlackList.htm
            O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program
            Files\Avant Browser\AddToADBlackList.htm
            O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... -
            C:\Program Files\Avant Browser\OpenAllLinks.htm
            O8 - Extra context menu item: Podświetl - C:\Program Files\Avant
            Browser\Highlight.htm
            O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
            O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Program
            Files\FlashGet\jc_link.htm
            O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a -
            D:\Program Files\FlashGet\jc_all.htm
            O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
            C:\WINDOWS\web\related.htm
            O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
            00aa003c157a} - C:\WINDOWS\web\related.htm
            O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
            D:\PROGRA~1\FLASHGET\flashget.exe
            O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
            0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
            O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
            O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
            ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
            O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
            update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121875175654
            O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
            skaner.mks.com.pl/SkanerOnline.cab
            O17 - HKLM\System\CCS\Services\Tcpip\..\{4F2F2C88-BDB9-46E5-A658-6E2722072C64}:
            NameServer = 194.204.152.34 217.98.63.164
            O17 - HKLM\System\CS1\Services\Tcpip\..\{4F2F2C88-BDB9-46E5-A658-6E2722072C64}:
            NameServer = 194.204.152.34 217.98.63.164
            O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
            Software\Avast4\ashServ.exe
            O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
            Software\Avast4\ashMaiSv.exe" /service (file missing)
            O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
            Software\Avast4\ashWebSv.exe" /service (file missing)
            O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
            O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
            C:\WINDOWS\system32\LEXBCES.EXE
            O23 - Service: MAPI Mail Client (MAPI) - Unknown owner - C:\WINDOWS\System32
            \mapi32.exe (file missing)
            O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
            C:\WINDOWS\System32\nvsvc32.exe

            • Guest: Kolobos Re: please check my log IP: *.warszawa.sdi.tpnet.pl 25.07.05, 16:52
              Delete these in HijackThis:

              R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} -
              C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
              O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-
              5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
              O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
              O4 - HKLM\..\Run: [SOUNDMAN Microsoft Help] soun.pif
              O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
              O4 - HKLM\..\RunServices: [SOUNDMAN Microsoft Help] soun.pif
              O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
              O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
              O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
              C:\WINDOWS\web\related.htm
              O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
              00aa003c157a} - C:\WINDOWS\web\related.htm
              O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
              ak.imgfarm.com/images/nocache/funwebproducts/ei-
              2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
              O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
              O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
              O23 - Service: MAPI Mail Client (MAPI) - Unknown owner - C:\WINDOWS\System32
              \mapi32.exe (file missing)

              End these in Task Manager:
              C:\WINDOWS\System32\soun.pif
              C:\windows\system32\mdms.exe
              And delete both files, then:

              Start->Run->services.msc, find MAPI Mail Client (MAPI) and Crypkey
              License, open the properties of these services and change the startup type to Disabled.
              Then in HijackThis->Open Misc Tools->Delete NT service, type MAPI

              And also delete from disk:
              C:\Program Files\MyWebSearch\ <- the whole folder (after a reboot)
              C:\winstall.exe
              c:\eied_s7.cab

              Also scan with this:
              download.ewido.net/ewido-setup.exe
              Because you probably haven't done that...

              And paste a new log.
              • Guest: pinex Re: please check my log IP: *.neoplus.adsl.tpnet.pl 25.07.05, 18:40
                Logfile of HijackThis v1.99.1
                Scan saved at 18:41:16, on 2005-07-25
                Platform: Windows XP (WinNT 5.01.2600)
                MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\Explorer.EXE
                C:\WINDOWS\system32\LEXBCES.EXE
                C:\WINDOWS\system32\spoolsv.exe
                C:\WINDOWS\system32\LEXPPS.EXE
                C:\WINDOWS\SOUNDMAN.EXE
                C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
                C:\Program Files\AutoConnect\AutoConnect.exe
                C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
                C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
                C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                C:\Program Files\Alwil Software\Avast4\ashServ.exe
                C:\WINDOWS\System32\nvsvc32.exe
                C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                C:\Program Files\Avant Browser\avant.exe
                C:\WINDOWS\System32\wuauclt.exe
                C:\Program Files\ewido\security suite\ewidoctrl.exe
                C:\Program Files\ewido\security suite\ewidoguard.exe
                C:\Program Files\Gadu-Gadu\gg.exe
                C:\Documents and Settings\Wątroba.W-HB0802LYSBEX5
                \Pulpit\hijackthis\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
                C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
                O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1
                \FLASHGET\jccatch.dll
                O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                C:\WINDOWS\System32\msdxm.ocx
                O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
                \NvCpl.dll,NvStartup
                O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
                O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
                O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
                O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
                O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
                AntiSpyware\gcasServ.exe"
                O4 - HKLM\..\Run: [SOUNDMAN Microsoft Help] soun.pif
                O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
                O4 - HKLM\..\RunServices: [SOUNDMAN Microsoft Help] soun.pif
                O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
                O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
                \dslmon.exe
                O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                Office\Office\OSA9.EXE
                O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program
                Files\Microsoft Office\Office\1045\OLFSNT40.EXE
                O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera -
                C:\Program Files\Avant Browser\AddAllToADBlackList.htm
                O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program
                Files\Avant Browser\AddToADBlackList.htm
                O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... -
                C:\Program Files\Avant Browser\OpenAllLinks.htm
                O8 - Extra context menu item: Podświetl - C:\Program Files\Avant
                Browser\Highlight.htm
                O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
                O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Program
                Files\FlashGet\jc_link.htm
                O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a -
                D:\Program Files\FlashGet\jc_all.htm
                O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
                D:\PROGRA~1\FLASHGET\flashget.exe
                O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
                0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
                O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
                O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
                update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121875175654
                O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                skaner.mks.com.pl/SkanerOnline.cab
                O17 - HKLM\System\CCS\Services\Tcpip\..\{4F2F2C88-BDB9-46E5-A658-6E2722072C64}:
                NameServer = 194.204.152.34 217.98.63.164
                O17 - HKLM\System\CS1\Services\Tcpip\..\{4F2F2C88-BDB9-46E5-A658-6E2722072C64}:
                NameServer = 194.204.152.34 217.98.63.164
                O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                Software\Avast4\ashServ.exe
                O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                Software\Avast4\ashMaiSv.exe" /service (file missing)
                O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                Software\Avast4\ashWebSv.exe" /service (file missing)
                O23 - Service: ewido security suite control - ewido networks - C:\Program
                Files\ewido\security suite\ewidoctrl.exe
                O23 - Service: ewido security suite guard - ewido networks - C:\Program
                Files\ewido\security suite\ewidoguard.exe
                O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
                C:\WINDOWS\system32\LEXBCES.EXE
                O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
                C:\WINDOWS\System32\nvsvc32.exe

                • neder Re: please check my log 25.07.05, 18:59
                  Are you deleting in safe mode? Some entries are still there:
                  > O4 - HKLM\..\Run: [SOUNDMAN Microsoft Help] soun.pif
                  > O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
                  > O4 - HKLM\..\RunServices: [SOUNDMAN Microsoft Help] soun.pif

                  In your place I would do 2 more things:
                  1. uninstall the Neostrada applications (via Add/Remove Programs) and set up
                  the connection manually, as described here:
                  forum.gazeta.pl/forum/72,2.html?f=34&w=15679891&a=15680440
                  2. give up IE and install Firefox or Opera.


                  One more thing -> you probably can't count on updates?
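
The check done by eye in the last post (entries marked for removal that are still in the follow-up log) can be scripted. This is an added example, not part of the thread or of HijackThis: the function names are made up here, the sample entries are abridged from the logs above, and the prefix pattern is an assumption about HijackThis's R/F/N/O section codes.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O23) and " - ".
ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")

def parse_entries(text):
    """Split pasted log text into entries, re-joining lines the forum wrapped."""
    entries, open_entry = [], False
    for raw in text.splitlines():
        line = raw.strip().lstrip("> ").strip()   # also accept ">"-quoted lines
        if ENTRY_START.match(line):
            entries.append(line)
            open_entry = True
        elif line and open_entry:
            entries[-1] += " " + line             # wrapped continuation of the entry
        else:
            open_entry = False                    # blank or non-entry line
    return entries

def key(entry):
    """Comparison key that ignores case and wherever the forum broke the line."""
    return re.sub(r"\s+", "", entry).lower()

def still_present(flagged_text, new_log_text):
    """Entries marked for removal that show up again in the follow-up log."""
    seen = {key(e) for e in parse_entries(new_log_text)}
    return [e for e in parse_entries(flagged_text) if key(e) in seen]

# Abridged from the removal list and the follow-up log in this thread.
FLAGGED = r"""
O4 - HKLM\..\Run: [SOUNDMAN Microsoft Help] soun.pif
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O23 - Service: MAPI Mail Client (MAPI) - Unknown owner - C:\WINDOWS\System32
\mapi32.exe (file missing)
"""
NEW_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SOUNDMAN Microsoft Help] soun.pif
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
"""

if __name__ == "__main__":
    for entry in still_present(FLAGGED, NEW_LOG):
        print("still present:", entry)
```

Because the key drops all whitespace, an entry wrapped at a different column in each post still matches.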