Please check my log

23.07.06, 16:48
Logfile of HijackThis v1.99.1
Scan saved at 16:44:45, on 2006-07-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2
\bin\apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2
\bin\apache.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\isnotify.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ismon.exe
C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\issearch.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Przemek\Pulpit\HIJACK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
szukaj.wp.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
us.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
us.rd.yahoo.com/customize/ie/defaults/sp/wdgt3/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
us.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} -
C:\WINDOWS\system32\ixt0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA
Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06
\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32
\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD
Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32
\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program
files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP:
    • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 23.07.06, 17:02
      Paste the missing part, and in future check whether the whole thing fit.
    • neder Re: Please check my log 23.07.06, 17:16
      How many more threads are you planning to start? So far you have 5, one after another...
      Going for a record?
    • przemo9504 Re: Please check my log 23.07.06, 17:19
      I'm here for the first time; I'm still asking for a comment on the log.
      • neder Re: Please check my log 23.07.06, 17:21
        Paste the end of it. In THIS thread.
    • przemo9504 Re: Please check my log, continued 23.07.06, 17:23
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
      O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) -
      www.bph.pl/pi/components/SignActivX.cab
      O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
      67.15.101.3/g_bin/pl/snooker_2_0_0_28.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{A5749CB6-BA15-479F-A32E-9702807699E6}:
      NameServer = 194.204.152.34 217.98.63.164
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner -
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
      O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner -
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2
      \bin\apache.exe" -k runservice (file missing)
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program
      Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program
      Files\Eset\nod32krn.exe
      O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA
      Corporation\NetworkAccessManager\bin\nSvcIp.exe
      O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program
      Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
      C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp
      Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    • kolobos Re: Please check my log 23.07.06, 17:51
      Use:
      siri.urz.free.fr/Fix/SmitfraudFix_En.php
      Paste the removal log on the forum.

      Delete from disk:
      C:\windows\system32\components\flx1.dll; if there are problems, use Killbox.

      Remove the Neostrada applications; the description is in the pinned post.
      Scan the system with ewido.

      In HJT, remove:
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      > szukaj.wp.pl
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      > www.yahoo.com/
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      > us.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*www.yahoo.com
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
      > rs.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*www.yahoo.com/ext/search/search.html
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
      > us.rd.yahoo.com/customize/ie/defaults/sp/wdgt3/*www.yahoo.com
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      > www.yahoo.com/
      > R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
      > us.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*www.yahoo.com
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
      > TP
      > R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
      > C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
      > O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} -
      > C:\WINDOWS\system32\ixt0.dll <- delete this file from disk.

      When you're done, paste a new log.