What should I remove? Requesting a diagnosis

IP: *.neoplus.adsl.tpnet.pl 04.10.05, 21:17
Logfile of HijackThis v1.98.2
Scan saved at 21:11:57, on 05-10-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\DOCUME~1\CZARU~1\USTAWI~1\TEMP\_VWUPSRV.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\fdtej.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\safuname.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rtiwseui.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software
Updater.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Aprps\CxtPls.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.neostrada.pl
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
file)
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} -
C:\WINDOWS\Pynix.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program
Files\Aprps\cxtpls.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} -
C:\WINDOWS\sasetup.dll (file missing)
O2 - BHO: XBTB09580 Class - {820EA695-5A03-4633-BA5E-97303C6B0597} -
C:\PROGRA~1\WORDRE~1\WORDRE~1.DLL
O3 - Toolbar: WordReferenceItEn - {5776A2BC-D803-47F6-9DC0-8344DB8D604C} -
C:\Program Files\WordReferenceItEn\wordreferenceItEn.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s
O4 - HKLM\..\Run: [avrrce] c:\windows\system32\avrrce.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [wIdebmkFW] C:\WINDOWS\fdtej.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Áł# é"h'ţ9ÓśU3rŲWC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\fdtej.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [sF5P39X] safuname.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [douFRVb6l] rtiwseui.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
800-840\dslmon.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK
Software Updater\7288971\Program\Kodak Software Updater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
-{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} -
www.emusic.com?fref=149133 (file missing)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
www.ipix.com/viewers/ipixx.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
static.windupdates.com/cab/MusicAccess/ie/bridge-c5.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) -
www.ysbweb.com/ist/softwares/v4.0/ysb_1002535.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{FF7D6F68-D0E1-4D36-8F3D-FE92C5DD68A0}:
NameServer = 194.204.152.34 217.98.63.164

    • Guest: tata1959 Re: What should I remove? Requesting a diagnosis IP: *.neoplus.adsl.tpnet.pl 04.10.05, 21:32
      Hello
      Yes... and where is the rest?
      Regards

      PS. lol... I only just noticed, that version of HijackThis was in use back in 2004!!!
      The current one is 1.99.1

      Regards

      .
      • Guest: shabani Re: What should I remove? Requesting a diagnosis IP: *.neoplus.adsl.tpnet.pl 04.10.05, 21:40
        Right, how absurd ;) This one was done with 1.99.1

        Logfile of HijackThis v1.99.1
        Scan saved at 21:37:48, on 05-10-04
        Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\WINDOWS\system32\drivers\KodakCCS.exe
        C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\tcpsvcs.exe
        C:\WINDOWS\System32\snmp.exe
        C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        C:\DOCUME~1\CZARU~1\USTAWI~1\TEMP\_VWUPSRV.EXE
        C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\WINDOWS\system32\wscntfy.exe
        C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\WINDOWS\fdtej.exe
        C:\Program Files\Media Access\MediaAccK.exe
        C:\Program Files\Winamp\winampa.exe
        C:\Program Files\ISTsvc\istsvc.exe
        C:\Program Files\Media Access\MediaAccess.exe
        C:\Program Files\AutoUpdate\AutoUpdate.exe
        C:\WINDOWS\system32\safuname.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\WINDOWS\system32\rtiwseui.exe
        C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
        C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
        C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software
        Updater.exe
        C:\Program Files\Neostrada TP\NeostradaTP.exe
        C:\Program Files\Neostrada TP\ComComp.exe
        C:\Program Files\Neostrada TP\Watch.exe
        C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
        C:\Program Files\Aprps\CxtPls.exe
        C:\unzipped\hijackthis\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = szukaj.wp.pl
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.neostrada.pl
        R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
        O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} -
        C:\WINDOWS\Pynix.dll
        O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program
        Files\Aprps\cxtpls.dll
        O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
        C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
        O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} -
        C:\WINDOWS\sasetup.dll (file missing)
        O2 - BHO: XBTB09580 Class - {820EA695-5A03-4633-BA5E-97303C6B0597} -
        C:\PROGRA~1\WORDRE~1\WORDRE~1.DLL
        O3 - Toolbar: WordReferenceItEn - {5776A2BC-D803-47F6-9DC0-8344DB8D604C} -
        C:\Program Files\WordReferenceItEn\wordreferenceItEn.dll
        O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
        C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s
        O4 - HKLM\..\Run: [avrrce] c:\windows\system32\avrrce.exe
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
        Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
        -atboottime
        O4 - HKLM\..\Run: [wIdebmkFW] C:\WINDOWS\fdtej.exe
        O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKLM\..\Run: [Áł# é"h'ţ9ÓśU3rŲWC:\Program Files\ISTsvc\istsvc.exe]
        C:\WINDOWS\fdtej.exe
        O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
        O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
        O4 - HKLM\..\Run: [sF5P39X] safuname.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [douFRVb6l] rtiwseui.exe
        O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
        800-840\dslmon.exe
        O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak
        EasyShare software\bin\EasyShare.exe
        O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK
        Software Updater\7288971\Program\Kodak Software Updater.exe
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger -
        -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} -
        www.emusic.com?fref=149133 (file missing)
        O15 - Trusted Zone: *.clickspring.net (HKLM)
        O15 - Trusted Zone: *.iframedollars.biz (HKLM)
        O15 - Trusted Zone: *.mt-download.com (HKLM)
        O15 - Trusted Zone: *.my-internet.info (HKLM)
        O15 - Trusted Zone: *.searchmiracle.com (HKLM)
        O15 - Trusted Zone: *.skoobidoo.com (HKLM)
        O15 - Trusted Zone: *.slotchbar.com (HKLM)
        O15 - Trusted Zone: *.windupdates.com (HKLM)
        O15 - Trusted Zone: *.ysbweb.com (HKLM)
        O15 - Trusted IP range: 213.159.117.202
        O15 - Trusted IP range: 213.159.117.202 (HKLM)
        O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
        www.ipix.com/viewers/ipixx.cab
        O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
        static.windupdates.com/cab/MusicAccess/ie/bridge-c5.cab
        O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) -
        www.ysbweb.com/ist/softwares/v4.0/ysb_1002535.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{FF7D6F68-D0E1-4D36-8F3D-FE92C5DD68A0}:
        NameServer = 194.204.152.34 217.98.63.164
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program Files\Norton Internet
        Security\ISSVC.exe (file missing)
        O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak
        Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
        O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
        C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
        C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation
        - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common
        Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH,
        Germany - C:\DOCUME~1\CZARU~1\USTAWI~1\TEMP\_VWUPSRV.EXE

        • Guest: Kolobos Re: What should I remove? Requesting a diagnosis IP: *.warszawa.sdi.tpnet.pl 04.10.05, 21:45
          For now, remove what I listed and scan with the tools I listed, and only then paste a new log;
          once you've done everything I'll tell you what's still left.
    • Guest: Kolobos Re: What should I remove? Requesting a diagnosis IP: *.warszawa.sdi.tpnet.pl 04.10.05, 21:44
      Scan with:
      download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
      download.ewido.net/ewido-setup.exe <- update it before scanning, uninstall it
      after scanning.
      Close ports with this:
      www.firewallleaktester.com/tools/wwdc.exe
      securityresponse.symantec.com/avcenter/FxIstbar.exe
      End these processes:
      C:\DOCUME~1\CZARU~1\USTAWI~1\TEMP\_VWUPSRV.EXE
      C:\WINDOWS\fdtej.exe
      C:\Program Files\Media Access\MediaAccK.exe
      C:\Program Files\ISTsvc\istsvc.exe
      C:\Program Files\Media Access\MediaAccess.exe
      C:\WINDOWS\system32\safuname.exe
      C:\WINDOWS\system32\rtiwseui.exe
      C:\Program Files\Aprps\CxtPls.exe <- delete the aprps folder

      Remove in HijackThis + delete the files:

      R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
      file)
      O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} -
      C:\WINDOWS\Pynix.dll <- delete the file
      O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program
      Files\Aprps\cxtpls.dll <- delete the file
      O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
      C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll <- uninstall
      O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} -
      C:\WINDOWS\sasetup.dll (file missing)
      O2 - BHO: XBTB09580 Class - {820EA695-5A03-4633-BA5E-97303C6B0597} -
      C:\PROGRA~1\WORDRE~1\WORDRE~1.DLL <- I don't know this one; if you don't know it either, remove it.
      O3 - Toolbar: WordReferenceItEn - {5776A2BC-D803-47F6-9DC0-8344DB8D604C} -
      C:\Program Files\WordReferenceItEn\wordreferenceItEn.dll <- same here.
      O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
      C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
      O4 - HKLM\..\Run: [avrrce] c:\windows\system32\avrrce.exe <- delete the file
      O4 - HKLM\..\Run: [wIdebmkFW] C:\WINDOWS\fdtej.exe <- remove
      O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe <- remove
      O4 - HKLM\..\Run: [Áł# é"h'ţ9ÓśU3rŲWC:\Program Files\ISTsvc\istsvc.exe]
      C:\WINDOWS\fdtej.exe <- remove
      O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe <- remove
      O4 - HKLM\..\Run: [sF5P39X] safuname.exe <- delete the file
      O4 - HKCU\..\Run: [douFRVb6l] rtiwseui.exe <- delete the file
      O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} -
      www.emusic.com?fref=149133 (file missing)
      O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
      www.ipix.com/viewers/ipixx.cab
      O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
      static.windupdates.com/cab/MusicAccess/ie/bridge-c5.cab


      • Guest: shabani Re: What should I remove? Requesting a diagnosis IP: *.neoplus.adsl.tpnet.pl 05.10.05, 22:31
        Kolobos, yesterday I didn't manage to carry out the steps you recommended, but
        now I'm back asking for help with continuing the cleanup.

        Logfile of HijackThis v1.99.1
        Scan saved at 22:26:30, on 05-10-05
        Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\WINDOWS\system32\drivers\KodakCCS.exe
        C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\tcpsvcs.exe
        C:\WINDOWS\System32\snmp.exe
        C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        C:\DOCUME~1\CZARU~1\USTAWI~1\TEMP\_VWUPSRV.EXE
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
        C:\WINDOWS\system32\wscntfy.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Winamp\winampa.exe
        C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
        C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
        C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
        C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software
        Updater.exe
        C:\Program Files\Neostrada TP\NeostradaTP.exe
        C:\Program Files\Neostrada TP\ComComp.exe
        C:\Program Files\Neostrada TP\Watch.exe
        C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
        C:\unzipped\hijackthis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.neostrada.pl
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
        Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
        -atboottime
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
        800-840\dslmon.exe
        O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak
        EasyShare software\bin\EasyShare.exe
        O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK
        Software Updater\7288971\Program\Kodak Software Updater.exe
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger -
        -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O15 - Trusted Zone: *.iframedollars.biz (HKLM)
        O15 - Trusted Zone: *.slotchbar.com (HKLM)
        O15 - Trusted Zone: *.ysbweb.com (HKLM)
        O15 - Trusted IP range: 213.159.117.202
        O15 - Trusted IP range: 213.159.117.202 (HKLM)
        O17 - HKLM\System\CCS\Services\Tcpip\..\{FF7D6F68-D0E1-4D36-8F3D-FE92C5DD68A0}:
        NameServer = 194.204.152.34 217.98.63.164
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program Files\Norton Internet
        Security\ISSVC.exe (file missing)
        O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak
        Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
        O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
        C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
        C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation
        - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common
        Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH,
        Germany - C:\DOCUME~1\CZARU~1\USTAWI~1\TEMP\_VWUPSRV.EXE

        • Guest: Kolobos Re: What should I remove? Requesting a diagnosis IP: *.warszawa.sdi.tpnet.pl 05.10.05, 22:44
          Uninstall Norton, and also use this:
          www.searchengines.pl/phpbb203/index.php?act=Attach&type=post&id=459
          And get rid of the Neostrada applications:
          forum.gazeta.pl/forum/72,2.html?f=34&w=15679891&a=15680440
          • Guest: shabani Re: What should I remove? Requesting a diagnosis IP: *.neoplus.adsl.tpnet.pl 05.10.05, 23:30
            Thanks a lot!
            How do you guys do it? ;)