Adware? Or what the heck is this!? :P (log)

01.08.06, 11:40
Could someone check this log? I most likely have adware,
lots of different windows keep popping up, and I don't know how to get rid of it. Waaah... what
should I do? :|


Logfile of HijackThis v1.99.1
Scan saved at 11:32:14, on 2006-08-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\X Password Manager\isamonitor.exe
C:\Program Files\X Password Manager\pmsngr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\X Password Manager\pmmon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\X Password Manager\isamini.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
F:\QuickDCF.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\abc\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - C:\Program
Files\X Password Manager\isaddon.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD
Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program
Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
-{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 -
HKLM\System\CCS\Services\Tcpip\..\{7C7D2529-8B30-466E-B991-0C201AD1F2F1}:
NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    • kolobos Re: Adware? Or what the heck is this!? :P (log) 01.08.06, 12:22
      You can throw out the Neostrada applications (description in the sticky post).

      Use:
      siri.urz.free.fr/Fix/SmitfraudFix_En.php
      paste the removal log on the forum.

      In Task Manager, end:
      C:\Program Files\X Password Manager\isamonitor.exe
      C:\Program Files\X Password Manager\pmsngr.exe
      C:\Program Files\X Password Manager\pmmon.exe
      C:\Program Files\X Password Manager\isamini.exe
      Delete the X Pass... folder from the disk.

      In HJT, remove:
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
      C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
      O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - C:\Program
      Files\X Password Manager\isaddon.dll

      Finally, run an ewido scan (link in the sticky post).
      • mazzz Re: Adware? Or what the heck is this!? :P (log) 01.08.06, 14:10
        > siri.urz.free.fr/Fix/SmitfraudFix_En.php
        > paste the removal log on the forum.

        Is this the log you mean?

        SmitFraudFix v2.78

        Scan done at 13:56:49,99, 2006-08-01
        Run from C:\Documents and Settings\abc\Pulpit\SmitfraudFix
        OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
        Fix ran in normal mode

        »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll

        »»»»»»»»»»»»»»»»»»»»»»»» Killing process


        »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

        GenericRenosFix by S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


        »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


        »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

        Registry Cleaning done.

        »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll


        »»»»»»»»»»»»»»»»»»»»»»»» End


        • Guest: Kolobos Re: Adware? Or what the heck is this!? :P (log) IP: *.warszawa.sdi.tpnet.pl 01.08.06, 16:42
          Yes, paste the HijackThis log as well.
          • mazzz Re: Adware? Or what the heck is this!? :P (log) 01.08.06, 16:58
            Logfile of HijackThis v1.99.1
            Scan saved at 16:56:59, on 2006-08-01
            Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            C:\Program Files\Alwil Software\Avast4\ashServ.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
            C:\WINDOWS\system32\nvsvc32.exe
            C:\WINDOWS\SOUNDMAN.EXE
            C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
            C:\PROGRA~1\NEOSTR~1\CnxMon.exe
            C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
            C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
            C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
            C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Gadu-Gadu\gg.exe
            C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
            C:\WINDOWS\system32\WgaTray.exe
            F:\QuickDCF.exe
            C:\Program Files\Neostrada TP\NeostradaTP.exe
            C:\Program Files\Neostrada TP\ComComp.exe
            C:\Program Files\Neostrada TP\Watch.exe
            C:\WINDOWS\explorer.exe
            C:\Program Files\Tlen.pl\tlen.exe
            C:\Program Files\Mozilla Firefox\firefox.exe
            C:\Documents and Settings\abc\Pulpit\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
            O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD
            Solution\PowerDVD\PDVDServ.exe"
            O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
            O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
            O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program
            Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
            O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
            Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
            O4 - Global Startup: Exif Launcher.lnk = ?
            O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
            res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} -
            C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger -
            -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
            C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
            O17 - HKLM\System\CCS\Services\Tcpip\..\{7C7D2529-8B30-466E-B991-0C201AD1F2F1}:
            NameServer = 194.204.152.34 217.98.63.164
            O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
            O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
            Software\Avast4\ashServ.exe
            O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
            Software\Avast4\ashMaiSv.exe" /service (file missing)
            O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
            Software\Avast4\ashWebSv.exe" /service (file missing)
            O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
            C:\WINDOWS\system32\nvsvc32.exe
            O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
            Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



            Anyway, thank you :* so far everything seems to be fine, nothing pops
            up anymore :)
            • Guest: Kolobos Re: Adware? Or what the heck is this!? :P (log) IP: *.warszawa.sdi.tpnet.pl 01.08.06, 17:02
              The log looks OK.
              • mazzz Re: Adware? Or what the heck is this!? :P (log) 01.08.06, 17:05
                :) great
                thanks again for the help :] :*
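
The before/after check done by eye in this thread can be scripted. The Python below is an added example, not part of the original posts and not a HijackThis feature: it parses entry lines, rejoins the lines the forum wrapped, and reports which entries disappeared and whether any flagged entry remains. The function names and the shortened log excerpts are assumptions of this example.

```python
import re

# A HijackThis entry starts with a section code (R0, O4, O23 ...) and " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) -\s*(.*)$")

def parse_entries(text):
    """Return {(code, detail)}; lines wrapped by the forum are rejoined."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            current = [match.group(1), match.group(2)]
            entries.append(current)
        elif line and current is not None:
            current[1] = (current[1] + " " + line).strip()  # wrapped tail
        else:
            current = None  # blank line, or text before the first entry
    return {(code, detail) for code, detail in entries}

def removed_entries(before, after):
    """Entries present in the first log and absent from the follow-up."""
    return sorted(parse_entries(before) - parse_entries(after))

def unfixed(flagged, after):
    """Flagged entries that still show up in the follow-up log."""
    return sorted(parse_entries(flagged) & parse_entries(after))

# Excerpts copied from the logs in this thread (shortened, not the full logs).
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - C:\Program
Files\X Password Manager\isaddon.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""
AFTER = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""
FLAGGED = "\n".join(BEFORE.splitlines()[6:11])  # the R1, R3 and O2 entries

if __name__ == "__main__":
    for code, detail in removed_entries(BEFORE, AFTER):
        print("removed:", code, detail)
    print("still present:", unfixed(FLAGGED, AFTER))
```

An empty result from `unfixed` only confirms that the listed entries are gone from the follow-up log; it does not assess the entries that remain.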