Please check my log

IP: *.neoplus.adsl.tpnet.pl 19.11.06, 16:42
Logfile of HijackThis v1.99.1
Scan saved at 16:32:50, on 2006-11-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Perfect Codec\pmmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008
\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\TEXTware\HotKey\TWALINK.EXE
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Perfect Codec\pmsngr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner.SAMSUNG-VUJ27O0
\Desktop\Hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.neostrada.pl
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Program
Files\Perfect Codec\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN
Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} -
C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SENS Keyboard V4 Launcher] "C:\Program Files\SAMSUNG\SENS
Keyboard V4 Launcher\SENSKBD.EXE"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN
Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09
\bin\jusched.exe"
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common
Files\dc6_startupmon.exe"
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common
Files\ers_startupmon.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet
Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows
Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NetAppel] "C:\Program Files\NetAppel\NetAppel.exe" -
nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program
Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: HotKey.lnk = C:\Program Files\TEXTware\HotKey\TWALINK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1
\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program
Files\BitSpirit\bsurl.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103116388720
O17 - HKLM\System\CCS\Services\Tcpip\..\{D52BB71E-92C3-47C4-815F-
1F189449784D}: NameServer = 194.204.152.34 217.98.63.164
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1
\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-
4CBF72FAED87} - C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} -
C:\WINDOWS\system32\jbtazy.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner -
    • Guest: Edyta Re: Please check my log IP: *.neoplus.adsl.tpnet.pl 19.11.06, 18:52
      I keep getting the message: System Alert: Trojan-spy.Win@mx, and I also get messages about
      Cyber Log X Spyware. The computer has started running very slowly, especially when
      opening. There are problems opening Neostrada. What should I do????
    • Guest: Kolobos Re: Please check my log IP: *.escom.net.pl 19.11.06, 19:09
      From the pinned post/forum header:
      - close the ports using wwdc.
      - get rid of the Neostrada applications
      - install ewido and scan the system with it
      - install Antivir PE instead of Norton

      Uninstall: Panda, Norton, Spyware Doctor

      Use: siri.urz.free.fr/Fix/SmitfraudFix_En.php and do what is described under Clean; paste the log that is created after running it on the forum.

      In hjt, remove:
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.neostrada.pl
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
      C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
      O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Program
      Files\Perfect Codec\isaddon.dll
      O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common
      Files\dc6_startupmon.exe" <- delete the file from disk.
      O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common
      Files\ers_startupmon.exe" <- and this one.
      O21 - SSODL: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} -
      C:\WINDOWS\system32\jbtazy.dll <- delete the file from disk.

      The log didn't fit; paste the rest, starting from:
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner -
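
An added example, not part of the post above or of any tool named in the thread: a small Python check that rejoins the hard-wrapped HijackThis entries and reports which entries from the fix list are still present in a follow-up log, which are gone, and which cannot be judged because the pasted log was cut off first. The function names are hypothetical, the sample data is excerpted and trimmed from this thread, and the script assumes HijackThis writes its sections in the order R, F, N, O1 to O23.

```python
import re

# A HijackThis entry starts with a section code: R0-R3, F0-F3, N1-N4, O1-O23.
ENTRY_START = re.compile(r"^([RFNO])(\d{1,2}) - ")


def parse_entries(text):
    """Rejoin entries that were hard-wrapped when the log was pasted."""
    entries = []
    for raw in text.splitlines():
        # Drop a trailing "<- ..." annotation added by the helper.
        line = raw.strip().split(" <- ")[0].rstrip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            # Continuation line: a break in the middle of a path needs no space.
            entries[-1] += ("" if line.startswith("\\") else " ") + line
    return entries


def key(entry):
    """Comparison key without whitespace or case, so wrap points do not matter."""
    return re.sub(r"\s+", "", entry).lower()


def rank(entry):
    """Position of the entry's section in the assumed output order R, F, N, O."""
    m = ENTRY_START.match(entry)
    return "RFNO".index(m.group(1)) * 100 + int(m.group(2))


def check_fixes(fix_list, followup_log):
    """Classify every fix-list entry against a (possibly truncated) follow-up log."""
    log = parse_entries(followup_log)
    seen = {key(e) for e in log}
    # The last section in a cut-off log may be incomplete, so only sections
    # strictly before it count as fully listed.
    last = rank(log[-1]) if log else -1
    result = {"present": [], "gone": [], "unknown": []}
    for entry in parse_entries(fix_list):
        if key(entry) in seen:
            result["present"].append(entry)
        elif rank(entry) < last:
            result["gone"].append(entry)
        else:
            result["unknown"].append(entry)
    return result


# Fix list from the reply above (annotations translated).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.neostrada.pl
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Program
Files\Perfect Codec\isaddon.dll
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common
Files\dc6_startupmon.exe" <- delete the file from disk.
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common
Files\ers_startupmon.exe" <- and this one.
O21 - SSODL: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} -
C:\WINDOWS\system32\jbtazy.dll <- delete the file from disk.
"""

# Trimmed excerpt of the 18:23 follow-up log in this thread; like the pasted
# log, it is cut off in the O16 section.
FOLLOWUP = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09
\bin\jusched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet
Security 2006\pccguide.exe"
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
"""

if __name__ == "__main__":
    for status, entries in check_fixes(FIX_LIST, FOLLOWUP).items():
        for entry in entries:
            print(f"{status:8} {entry}")
```
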
      • Guest: Edyta Checking the log again IP: *.neoplus.adsl.tpnet.pl 20.11.06, 11:22
        Logfile of HijackThis v1.99.1
        Scan saved at 11:18:14, on 2006-11-20
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\SYSTEM32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Windows Defender\MsMpEng.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
        C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        C:\Program Files\Perfect Codec\pmsngr.exe
        C:\WINDOWS\System32\igfxtray.exe
        C:\WINDOWS\System32\hkcmd.exe
        C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
        C:\WINDOWS\AGRSMMSG.exe
        C:\Program Files\ltmoh\Ltmoh.exe
        C:\Program Files\Perfect Codec\pmmon.exe
        C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
        C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
        C:\PROGRA~1\NEOSTR~1\CnxMon.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
        C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
        C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe
        C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
        C:\Program Files\Windows Defender\MSASCui.exe
        C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008
        \GoogleToolbarNotifier.exe
        C:\Program Files\TEXTware\HotKey\TWALINK.EXE
        C:\WINDOWS\system32\wscntfy.exe
        C:\Program Files\Neostrada TP\NeostradaTP.exe
        C:\Program Files\Neostrada TP\ComComp.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Documents and Settings\Owner.SAMSUNG-VUJ27O0
        \Desktop\Hijackthis\hijackthis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.neostrada.pl
        F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
        Files\Java\jre1.5.0_09\bin\ssv.dll
        O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN
        Apps\ST\01.03.0000.1005\en-xu\stmain.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
        c:\program files\google\googletoolbar2.dll
        O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
        Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll
        O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} -
        C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
        O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
        Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
        files\google\googletoolbar2.dll
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
        O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
        O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
        O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [SENS Keyboard V4 Launcher] "C:\Program Files\SAMSUNG\SENS
        Keyboard V4 Launcher\SENSKBD.EXE"
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
        O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
        O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
        Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
        O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
        O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
        O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001
        \pl-pl\msnappau.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09
        \bin\jusched.exe"
        O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet
        Security 2006\pccguide.exe"
        O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows
        Defender\MSASCui.exe" -hide
        O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition
        Classic\avgnt.exe" /min
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-
        Spyware 7.5\avgas.exe" /minimized
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [NetAppel] "C:\Program Files\NetAppel\NetAppel.exe" -
        nosplash -minimized
        O4 - HKCU\..\Run: [Skype] "C:\Program
        Files\Skype\Phone\Skype.exe" /nosplash /minimized
        O4 - HKCU\..\Run: [swg] C:\Program
        Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office10\OSA.EXE
        O4 - Global Startup: HotKey.lnk = C:\Program Files\TEXTware\HotKey\TWALINK.EXE
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1
        \MICROS~2\Office10\EXCEL.EXE/3000
        O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program
        Files\BitSpirit\bsurl.htm
        O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-
        00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
        00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
        Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
        v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103116388720
        O17 - HKLM\System\CCS\Services\Tcpip\..\{D52BB71E-92C3-47C4-815F-1F189449784D}:
        NameServer = 194.204.152.34 217.98.63.164
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1
        \MSNMES~1\msgrapp.dll" (file missing)
        O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-
        4CBF72FAED87} - C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
        O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) -
        Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA
        GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
        C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. -
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown
        owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
        (file missing)
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\L
        • Guest: Kolobos Re: Checking the log again IP: *.escom.net.pl 20.11.06, 11:24
          I didn't ask you for a new hjt log, only for the tail end that didn't fit and the log from smit.., which you didn't even use. Is it that hard to read what I wrote and do it?
          • Guest: Edyta Re: Checking the log again IP: *.neoplus.adsl.tpnet.pl 20.11.06, 12:04
            I'm sorry.
            I installed ewido and scanned the system with it, changed the antivirus
            program to Antivir, and uninstalled two antivirus programs, as you asked.
            The ports are closed; I get a message that the system is secure. I'm having trouble
            finding Panda and I couldn't use Smit. This message
            appeared: Process.exe file missing Unzip all the archive in a folder. I don't
            understand it and I don't know what to do now. I sent the whole log because I made
            the recommended changes. I've left the Neostrada applications for now. The system runs
            more smoothly, but messages about threats to the system still appear, now for example
            System Alert: Malware Threats
            • Guest: Kolobos Re: Checking the log again IP: *.escom.net.pl 20.11.06, 13:17
              The antivirus blocked or deleted your process.exe file; turn the antivirus off for the duration of the scan.
              • Guest: Edyta Re: Checking the log again IP: *.neoplus.adsl.tpnet.pl 20.11.06, 13:52
                I turned AntiVir off and it didn't help
                • Guest: Kolobos Re: Checking the log again IP: *.escom.net.pl 20.11.06, 14:41
                  Did you extract all the files to a folder? Is the process.exe file in it?
                  Stop the antivirus service in services.msc.

                  Try harder and this time run it properly.
                  • Guest: Edyta Re: Checking the log again IP: *.neoplus.adsl.tpnet.pl 20.11.06, 16:21
                    I don't know if this is what you mean. I'm trying as hard as I can
                    SmitFraudFix v2.123

                    Scan done at 16:15:36,34, 2006-11-20
                    Run from C:\Documents and Settings\Owner.SAMSUNG-VUJ27O0
                    \Desktop\SmitfraudFix\SmitfraudFix
                    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
                    Fix run in normal mode

                    »»»»»»»»»»»»»»»»»»»»»»»» C:\


                    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


                    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


                    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


                    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


                    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner.SAMSUNG-VUJ27O0


                    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner.SAMSUNG-VUJ27O0
                    \Application Data


                    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


                    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\OWNER~4.SAM\FAVORI~1


                    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


                    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

                    C:\Program Files\Perfect Codec\ FOUND !
                    C:\Program Files\VirusBursters\ FOUND !

                    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


                    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

                    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
                    "Source"="About:Home"
                    "SubscribedURL"="About:Home"
                    "FriendlyName"="My Current Home Page"


                    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
                    !!!Attention, following keys are not inevitably infected!!!

                    SrchSTS.exe by S!Ri
                    Search SharedTaskScheduler's .dll

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTas
                    kScheduler]
                    "{ab340860-fd81-4a65-b345-82eb77a66b5e}"="featherweed"



                    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
                    !!!Attention, following keys are not inevitably infected!!!

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
                    "AppInit_DLLs"=""


                    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


                    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


                    »»»»»»»»»»»»»»»»»»»»»»»» End

                    • Guest: Kolobos Re: Checking the log again IP: *.escom.net.pl 20.11.06, 16:40
                      Almost right, but you were supposed to choose option 2, Clean, not Scan, so once more and a new log.
                      • Guest: Edyta Re: Checking the log again IP: *.neoplus.adsl.tpnet.pl 20.11.06, 16:53
                        SmitFraudFix v2.123

                        Scan done at 16:51:08,73, 2006-11-20
                        Run from C:\Documents and Settings\Owner.SAMSUNG-VUJ27O0
                        \Desktop\SmitfraudFix\SmitfraudFix
                        OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
                        Fix run in normal mode

                        »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
                        !!!Attention, following keys are not inevitably infected!!!

                        SrchSTS.exe by S!Ri
                        Search SharedTaskScheduler's .dll

                        »»»»»»»»»»»»»»»»»»»»»»»» Killing process


                        »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

                        GenericRenosFix by S!Ri


                        »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


                        »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


                        »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

                        Registry Cleaning done.

                        »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
                        !!!Attention, following keys are not inevitably infected!!!

                        SrchSTS.exe by S!Ri
                        Search SharedTaskScheduler's .dll


                        »»»»»»»»»»»»»»»»»»»»»»»» End

                        • Guest: Kolobos Re: Checking the log again IP: *.escom.net.pl 20.11.06, 18:19
                          Paste a new hijackthis log as well, as a check.
                          • Guest: Edyta Follow-up check of the log IP: *.neoplus.adsl.tpnet.pl 20.11.06, 18:25
                            Logfile of HijackThis v1.99.1
                            Scan saved at 18:23:06, on 2006-11-20
                            Platform: Windows XP SP2 (WinNT 5.01.2600)
                            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                            Running processes:
                            C:\WINDOWS\System32\smss.exe
                            C:\WINDOWS\SYSTEM32\winlogon.exe
                            C:\WINDOWS\system32\services.exe
                            C:\WINDOWS\system32\lsass.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\Program Files\Windows Defender\MsMpEng.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\system32\spoolsv.exe
                            C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
                            C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
                            C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                            C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                            C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                            C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
                            C:\WINDOWS\System32\igfxtray.exe
                            C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
                            C:\WINDOWS\System32\hkcmd.exe
                            C:\WINDOWS\AGRSMMSG.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\Program Files\ltmoh\Ltmoh.exe
                            C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
                            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                            C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
                            C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                            C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
                            C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
                            C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe
                            C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
                            C:\Program Files\Windows Defender\MSASCui.exe
                            C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
                            C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
                            C:\WINDOWS\system32\ctfmon.exe
                            C:\Program Files\Skype\Phone\Skype.exe
                            C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008
                            \GoogleToolbarNotifier.exe
                            C:\Program Files\TEXTware\HotKey\TWALINK.EXE
                            C:\Program Files\Neostrada TP\NeostradaTP.exe
                            C:\Program Files\Neostrada TP\ComComp.exe
                            C:\Program Files\Neostrada TP\Watch.exe
                            C:\WINDOWS\explorer.exe
                            C:\Program Files\Internet Explorer\iexplore.exe
                            C:\Documents and Settings\Owner.SAMSUNG-VUJ27O0
                            \Desktop\Hijackthis\hijackthis.exe

                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                            www.neostrada.pl
                            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
                            R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
                            C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
                            F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
                            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                            C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
                            Files\Java\jre1.5.0_09\bin\ssv.dll
                            O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN
                            Apps\ST\01.03.0000.1005\en-xu\stmain.dll
                            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
                            c:\program files\google\googletoolbar2.dll
                            O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
                            Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll
                            O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} -
                            C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
                            O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
                            Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll
                            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
                            files\google\googletoolbar2.dll
                            O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
                            O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
                            O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
                            O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
                            O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
                            O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                            O4 - HKLM\..\Run: [SENS Keyboard V4 Launcher] "C:\Program Files\SAMSUNG\SENS
                            Keyboard V4 Launcher\SENSKBD.EXE"
                            O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
                            O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
                            O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
                            Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
                            O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
                            O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
                            O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001
                            \pl-pl\msnappau.exe"
                            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09
                            \bin\jusched.exe"
                            O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet
                            Security 2006\pccguide.exe"
                            O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows
                            Defender\MSASCui.exe" -hide
                            O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-
                            Spyware 7.5\avgas.exe" /minimized
                            O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition
                            Classic\avgnt.exe" /min
                            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                            O4 - HKCU\..\Run: [NetAppel] "C:\Program Files\NetAppel\NetAppel.exe" -
                            nosplash -minimized
                            O4 - HKCU\..\Run: [Skype] "C:\Program
                            Files\Skype\Phone\Skype.exe" /nosplash /minimized
                            O4 - HKCU\..\Run: [swg] C:\Program
                            Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
                            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                            Office\Office10\OSA.EXE
                            O4 - Global Startup: HotKey.lnk = C:\Program Files\TEXTware\HotKey\TWALINK.EXE
                            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1
                            \MICROS~2\Office10\EXCEL.EXE/3000
                            O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program
                            Files\BitSpirit\bsurl.htm
                            O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} -
                            C:\Program Files\Messenger\msmsgs.exe
                            O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-
                            00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
                            C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
                            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
                            00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
                            O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
                            Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
                            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
                            v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103116388720
                            O17 - HKLM\System\CCS\Services\Tcpip\..\{D52BB71E-92C3-47C4-815F-1F189449784D}:
                            NameServer = 194.204.152.34 217.98.63.164
                            O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1
                            \MSNMES~1\msgrapp.dll" (file missing)
                            O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-
                            4CBF72FAED87} - C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll
                            O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
                            O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) -
                            Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
                            O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA
                            GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
                            O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
                            C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                            O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. -
                            C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                            O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown
                            owner - C:\Program Files\Common Files\Symantec Shared\
                            • Guest: Kolobos Re: Follow-up log check IP: *.escom.net.pl 20.11.06, 18:42
                              I still see a lot of assorted antivirus programs in the log.
                              Uninstall: Panda, Trend Micro, the leftovers of Norton/Symantec.
                              Also get rid of the Neostrada application; the instructions are in the pinned thread, and it is completely unnecessary.

                              In HJT, remove:
                              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
                              R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
                              C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
                              F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
                              O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet
                              Security 2006\pccguide.exe" <- this is Trend Micro, and you are supposed to have ONE antivirus.

                              Paste in the part that did not fit, starting from the entry:
                              O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown
                              owner - C:\Program Files\Common Files\Symantec Shared\
                              • Guest: Edyta Re: Follow-up log check IP: *.neoplus.adsl.tpnet.pl 20.11.06, 20:14
                                O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown
                                owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
                                (file missing)
                                O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1
                                \LUCOMS~2.EXE
                                O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software -
                                C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
                                O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division
                                Software - C:\Program Files\Alcohol Soft\Alcohol 120
                                \StarWind\StarWindService.exe
                                O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro
                                Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

                                • Guest: Kolobos Re: Follow-up log check IP: *.escom.net.pl 20.11.06, 20:22
                                  The end is OK, but do what I wrote in the previous post and uninstall all those programs, and never again install more than one antivirus (let alone 4...).
                                  • Guest: Edyta Re: Follow-up log check IP: *.neoplus.adsl.tpnet.pl 20.11.06, 21:51
                                    OK, I will try.
                                    Thank you very much for the help. Good night.