Taka moja sugestia; zanim wkleisz loga na forum, wklej go tutaj: http://www.hijackthis.de/en

Pozdrawiam,

[quote="EL NINO"]Ladnie kurna. My mamy oczy wytezac a Ty smietanke zbierasz ? :P

Dzieki wielkie, smietanka jest dobry uczynek i zadowolenie na twarzy :)

1jedrzej1:

Kolejne swiateczne pozadki u znajomych

Ladnie kurna. My mamy oczy wytezac a Ty smietanke zbierasz ? :P


Usun:

C:WINDOWSSystem32systime.exe
C:WINDOWSSystem32msrexe.exe
C:Program FilesInternet Optimizeroptimize.exe
C:Program FilesCashBackincashback.exe
C:Program FilesBullsEye Networkinargains.exe
C:WINDOWSSystem32systime.exe
C:Documents and SettingsKaNaReKDane aplikacjioaaa.exe
C:WINDOWSSystem32?ttrib.exe
C:Program FilesCommon FilesGMTGMT.exe
C:Program FilesInternet Optimizeractalert.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://213.159.117.134/index.php
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://213.159.117.134/index.php
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://213.159.117.134/index.php
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://213.159.117.134/index.php
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = http://213.159.117.134/index.php
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = http://213.159.117.134/index.php
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O2 – BHO: BHObj Class – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWS em220.dll
O2 – BHO: (no name) – {7B55BB05–0B4D–44fd–81A6–B136188F5DEB} – C:WINDOWSquestmod.dll
O3 – Toolbar: IEMenuExtension toolbar – {6b95678d–30a4–4ff8–a72f–4208340c1f7f} – C:Program FilesIEMenuExtension bextn.dll
O4 – HKLM..Run: [CMESys] "C:Program FilesCommon FilesCMEIICMESys.exe"
O4 – HKLM..Run: [SysTime] C:WINDOWSSystem32systime.exe
O4 – HKLM..Run: [System Service] C:WINDOWSSystem32msrexe.exe
O4 – HKLM..Run: [Internet Optimizer] "C:Program FilesInternet Optimizeroptimize.exe"
O4 – HKLM..Run: [CashBack] C:Program FilesCashBackincashback.exe
O4 – HKLM..Run: [BullsEye Network] C:Program FilesBullsEye Networkinargains.exe
O4 – HKLM..Run: [IE Menu Extension toolbar] rundll32.exe "C:PROGRA~1IEMENU~1 bextn.dll" DllShowTB
O4 – HKCU..Run: [SysTime] C:WINDOWSSystem32systime.exe
O4 – Global Startup: GStartup.lnk = C:Program FilesCommon FilesGMTGMT.exe
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O10 – Unknown file in Winsock LSP: c:windowssystem32aklsp.dll
O10 – Unknown file in Winsock LSP: c:windowssystem32aklsp.dll
O10 – Unknown file in Winsock LSP: c:windowssystem32aklsp.dll
O10 – Unknown file in Winsock LSP: c:windowssystem32aklsp.dll
O15 – Trusted IP range: 67.19.185.246
O15 – Trusted IP range: 213.159.117.202 (HKLM)
O16 – DPF: {11111111–1111–1111–1111–111111111157} – ms–its:mhtml:file://c: osuch.mht!http://iframedollars.biz/dl/adv407/x.chm::/load.exe
O16 – DPF: {3E339D3C–4B12–4E8C–A529–9CC4BEEAFD4F} (VacPro.russia_ver3) – http://www.globalphon.com/dialer/russia.CAB
O16 – DPF: {79849612–A98F–45B8–95E9–4D13C7B6B35C} (Loader2 Control) – http://iframedollars.biz/tb/loader2.ocx
O16 – DPF: {9EB320CE–BE1D–4304–A081–4B4665414BEF} (MediaTicketsInstaller Control) – http://www.mt–download.com/MediaTicketsInstaller.cab?refid=2732
O21 – SSODL: Web Event Logger – {7EFBAEFF–EE02–1333–ABDF–416572E5D639} – C:WINDOWSSystem32Johodi32.dll
O23 – Service: ISEXEng – Unknown – C:WINDOWSSystem32angelex.exe

Jesli tak ma byc, to pozostaw. Jesli nie, usun:
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://zakladka.pl
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://zakladka.pl

Kolejne swiateczne pozadki u znajomych

Logfile of HijackThis v1.99.0
Scan saved at 14:21:14, on 2004–12–31
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32 undll32.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesCreativeShareDLLCtNotify.exe
C:WINDOWSSystem32CTsvcCDA.EXE
C:Program FilesElaborate BytesCloneCDCloneCDTray.exe
C:WINDOWSSystem32systime.exe
C:WINDOWSSystem32msrexe.exe
C:Program FilesInternet Optimizeroptimize.exe
C:Program FilesCashBackincashback.exe
C:Program FilesBullsEye Networkinargains.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesGadu–Gadugg.exe
C:WINDOWSSystem32systime.exe
C:Documents and SettingsKaNaReKDane aplikacjioaaa.exe
C:WINDOWSSystem32?ttrib.exe
C:Program FilesCreativeShareDLLMediaDet.Exe
C:WINDOWSSystem32MsPMSPSv.exe
C:Program FilesWinZipWZQKPICK.EXE
C:Program FilesCommon FilesGMTGMT.exe
C:Program FilesInternet Optimizeractalert.exe
C:Program FilesSpybot – Search & DestroyTeaTimer.exe
C:Program FilesSpybot – Search & DestroySpybotSD.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsKaNaReKPulpitHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://213.159.117.134/index.php
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://zakladka.pl
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://zakladka.pl
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://213.159.117.134/index.php
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://213.159.117.134/index.php
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://zakladka.pl
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://zakladka.pl
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://213.159.117.134/index.php
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = http://213.159.117.134/index.php
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = http://213.159.117.134/index.php
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O2 – BHO: BHObj Class – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWS em220.dll
O2 – BHO: (no name) – {7B55BB05–0B4D–44fd–81A6–B136188F5DEB} – C:WINDOWSquestmod.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: IEMenuExtension toolbar – {6b95678d–30a4–4ff8–a72f–4208340c1f7f} – C:Program FilesIEMenuExtension bextn.dll
O4 – HKLM..Run: [Disc Detector] C:Program FilesCreativeShareDLLCtNotify.exe
O4 – HKLM..Run: [UpdReg] C:WINDOWSUpdreg.exe
O4 – HKLM..Run: [CTStartup] C:Program FilesCreativeSplash ScreenCTEaxSpl.EXE /run
O4 – HKLM..Run: [Jet Detection] C:Program FilesCreativeSBAudigyPROGRAMADGJDet.exe
O4 – HKLM..Run: [WinampAgent] "C:Program FilesWinampWinampa.exe"
O4 – HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [CloneCDElbyCDFL] "C:Program FilesElaborate BytesCloneCDElbyCheck.exe" /L ElbyCDFL
O4 – HKLM..Run: [CloneCDTray] "C:Program FilesElaborate BytesCloneCDCloneCDTray.exe"
O4 – HKLM..Run: [CMESys] "C:Program FilesCommon FilesCMEIICMESys.exe"
O4 – HKLM..Run: [SysTime] C:WINDOWSSystem32systime.exe
O4 – HKLM..Run: [System Service] C:WINDOWSSystem32msrexe.exe
O4 – HKLM..Run: [Internet Optimizer] "C:Program FilesInternet Optimizeroptimize.exe"
O4 – HKLM..Run: [CashBack] C:Program FilesCashBackincashback.exe
O4 – HKLM..Run: [BullsEye Network] C:Program FilesBullsEye Networkinargains.exe
O4 – HKLM..Run: [IE Menu Extension toolbar] rundll32.exe "C:PROGRA~1IEMENU~1 bextn.dll" DllShowTB
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [SysTime] C:WINDOWSSystem32systime.exe
O4 – Global Startup: GStartup.lnk = C:Program FilesCommon FilesGMTGMT.exe
O4 – Global Startup: WinZip Quick Pick.lnk = C:Program FilesWinZipWZQKPICK.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O10 – Unknown file in Winsock LSP: c:windowssystem32aklsp.dll
O10 – Unknown file in Winsock LSP: c:windowssystem32aklsp.dll
O10 – Unknown file in Winsock LSP: c:windowssystem32aklsp.dll
O10 – Unknown file in Winsock LSP: c:windowssystem32aklsp.dll
O15 – Trusted IP range: 67.19.185.246
O15 – Trusted IP range: 213.159.117.202 (HKLM)
O16 – DPF: {11111111–1111–1111–1111–111111111157} – ms–its:mhtml:file://c: osuch.mht!http://iframedollars.biz/dl/adv407/x.chm::/load.exe
O16 – DPF: {3E339D3C–4B12–4E8C–A529–9CC4BEEAFD4F} (VacPro.russia_ver3) – http://www.globalphon.com/dialer/russia.CAB
O16 – DPF: {79849612–A98F–45B8–95E9–4D13C7B6B35C} (Loader2 Control) – http://iframedollars.biz/tb/loader2.ocx
O16 – DPF: {9EB320CE–BE1D–4304–A081–4B4665414BEF} (MediaTicketsInstaller Control) – http://www.mt–download.com/MediaTicketsInstaller.cab?refid=2732
O21 – SSODL: Web Event Logger – {7EFBAEFF–EE02–1333–ABDF–416572E5D639} – C:WINDOWSSystem32Johodi32.dll
O23 – Service: Creative Service for CDROM Access – Creative Technology Ltd – C:WINDOWSSystem32CTsvcCDA.EXE
O23 – Service: ISEXEng – Unknown – C:WINDOWSSystem32angelex.exe

To nie ja, ja mam dobrze zabezpieczony komputer, nie mam syfu.
Po prostu robie przysluge znajomym i rodzince na gwiazde i wywalam ten cały syf, a ze nie moge sobie sam z wszystkim pradzic to prosze was o pomoc.

Oto moj log:

Logfile of HijackThis v1.97.7
Scan saved at 16:48:48, on 2004–12–24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesTGTSoftStyleXPStyleXPService.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSSystem32 vsvc32.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesGameDeviceDriverRFPIcon.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSpybot – Search & DestroyTeaTimer.exe
C:Program FilesD–Link AirPlusAIRPLUS.EXE
C:Program FilesGadu–Gadugg.exe
C:Program FilesOutlook Expressmsimn.exe
C:Program FilesWinampwinamp.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program Files otalcmdTOTALCMD.EXE
C:!Programysystem!bezpieczenstwoHijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
F2 – REG:system.ini: UserInit=Userinit.exe,TGBRFV_
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:Program FilesSpybot – Search & DestroySDHelper.dll
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FlashGetjccatch.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FlashGetfgiebar.dll
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 – HKLM..Run: [RTBatteryMeter] C:Program FilesGameDeviceDriverRFPIcon.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–GaduPowergg.exe" /tray
O4 – HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot – Search & DestroyTeaTimer.exe
O4 – Startup: D–Link AirPlus.lnk = C:Program FilesD–Link AirPlusAIRPLUS.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:Program FilesFlashGetjc_all.htm
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 – Extra button: Badanie (HKLM)
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O16 – DPF: {166B1BCA–3F9C–11CF–8075–444553540000} (Shockwave ActiveX Control) – http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 – HKLMSystemCCSServicesTcpip..{A85B054C–C3F4–4898–8744–4937E8AF25EF}: NameServer = 194.204.159.1,194.204.152.34

1jedrzej1:

Czy tu jest cos czego byc nie powinno ?? :?

Nie potrafisz porownac nawet ze swoimi wczesniejszymi postami ? Przeciez masz syfu w cholere.

C:WINDOWSSystem32P2P NetworkingP2P Networking.exe
C:Program FilesWeb_RebatesWebRebates0.exe
C:Program FilesWindows ServeAdWinServAd.exe
C:Documents and SettingsMateuszDane aplikacjiceur.exe
C:WINDOWSSystem32m?iexec.exe
C:Program FilesWindows ServeAdWinServSuit.exe
C:Program FilesWeb_RebatesWebRebates1.exe

O1 – Hosts: 69.20.16.183 auto.search.msn.com
O1 – Hosts: 69.20.16.183 search.netscape.com
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O4 – HKLM..Run: [P2P Networking] C:WINDOWSSystem32P2P NetworkingP2P Networking.exe /AUTOSTART
O4 – HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"
O4 – HKLM..Run: [Windows ServeAd] C:Program FilesWindows ServeAdWinServAd.exe
O4 – HKCU..Run: [Ratc] C:Documents and SettingsMateuszDane aplikacjiceur.exe
O4 – HKCU..Run: [Vnq] C:WINDOWSSystem32m?iexec.exe
O8 – Extra context menu item: Web Rebates – file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.crazywinnings.com
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.topconverting.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.xxxtoolbar.com
O15 – Trusted Zone: *.ysbweb.com
O16 – DPF: {11111111–1111–1111–1111–111111113457} – file://c:ied_s7.cab
O16 – DPF: {11111111–1111–1111–1111–511111113457} – file://c:x.cab
O16 – DPF: {11111111–1111–1111–1111–511111113458} – file://c:x.cab
O16 – DPF: {1D6711C8–7154–40BB–8380–3DEA45B69CBF} (Web P2P Installer) –
O16 – DPF: {3E339D3C–4B12–4E8C–A529–9CC4BEEAFD4F} (VacPro.russia_ver3) – http://www.advnt01.com/dialer/russia.CAB
O16 – DPF: {79849612–A98F–45B8–95E9–4D13C7B6B35C} (Loader2 Control) – http://static.topconverting.com/activex/loader2.ocx
O16 – DPF: {88D969C0–F192–11D4–A65F–0040963251E5} (XML DOM Document 4.0) – file://C:TempEI4EI40_msxml4.cab

Opanuj sie chlopie z tym klikaniem gdzie popadnie, bo to juz zaczyna byc nudne.

aha i jeszcze sprawa dotyczaca tego net24, otorz domyslam sie ze oprogramowanie dostepowe net24 jest trefne, dlatego ze po instalacji modemu, aplikacji dostepowej i przy pierwszym uruchomieniu neta do kompa wchodzi jakis robak ktory blokuje neta, wykozystuje jakas luke w windowsie, moze wlasnie tak jest bo instalacja sp2 przed zainstalowaniem net24 pomogla. Oto co zrobilem:

nowy windows
avast
spybot + tea timer
service pack 2

no i teraz dopiero net24
narazie zadnych problemow

Czy tu jest cos czego byc nie powinno ?? :?

Logfile of HijackThis v1.97.7
Scan saved at 11:07:04, on 2004–12–24
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesSygateSPFsmc.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSSYSTEM32 undll32.exe
C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32P2P NetworkingP2P Networking.exe
C:Program FilesWeb_RebatesWebRebates0.exe
C:Program FilesJavaj2re1.4.2_04injusched.exe
C:Program FilesWanadoo askbaricon.exe
C:Program FilesD–Toolsdaemon.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesWindows ServeAdWinServAd.exe
C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesCursorXPCursorXP.exe
C:Documents and SettingsMateuszDane aplikacjiceur.exe
C:WINDOWSSystem32m?iexec.exe
C:Program FilesWindows ServeAdWinServSuit.exe
C:Program Filesgadu–gaduGadu–Gadugg.exe
C:PROGRA~1INCRED~1inIMApp.exe
C:Program FilesWanadooEspaceWanadoo.exe
C:Program FilesWanadooComComp.exe
C:Program FilesWanadooWatch.exe
C:Program FilesWeb_RebatesWebRebates1.exe
C:Documents and SettingsMateuszPulpitHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O1 – Hosts: 69.20.16.183 auto.search.msn.com
O1 – Hosts: 69.20.16.183 search.netscape.com
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FlashGetfgiebar.dll
O3 – Toolbar: NetSprint Toolbar – {12F02779–6D88–4958–8AD3–83C12D86ADC7} – C:Program FilesNetSprint Toolbar oolbar.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [P2P Networking] C:WINDOWSSystem32P2P NetworkingP2P Networking.exe /AUTOSTART
O4 – HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"
O4 – HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_04injusched.exe
O4 – HKLM..Run: [WOOWATCH] C:PROGRA~1WanadooWatch.exe
O4 – HKLM..Run: [WOOTASKBARICON] C:Program FilesWanadoo askbaricon.exe
O4 – HKLM..Run: [DAEMON Tools–1033] "C:Program FilesD–Toolsdaemon.exe" –lang 1033
O4 – HKLM..Run: [SmcService] C:PROGRA~1SygateSPFsmc.exe –startgui
O4 – HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 – HKLM..Run: [Windows ServeAd] C:Program FilesWindows ServeAdWinServAd.exe
O4 – HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [CursorXP] C:Program FilesCursorXPCursorXP.exe –s
O4 – HKCU..Run: [Ratc] C:Documents and SettingsMateuszDane aplikacjiceur.exe
O4 – HKCU..Run: [Vnq] C:WINDOWSSystem32m?iexec.exe
O4 – HKCU..Run: [IncrediMail] C:PROGRA~1INCRED~1inIncMail.exe /c
O4 – HKCU..Run: [Gadu–Gadu] "C:Program Filesgadu–gaduGadu–Gadugg.exe" /tray
O8 – Extra context menu item: &Add animation to IncrediMail Style Box – C:PROGRA~1INCRED~1in esourcesWebMenuImg.htm
O8 – Extra context menu item: &Szukaj w NetSprint.pl – res://C:Program FilesNetSprint Toolbar oolbar.dll/SEARCH.HTML
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 – Extra context menu item: Web Rebates – file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:Program FilesFlashGetjc_all.htm
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.crazywinnings.com
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.topconverting.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.xxxtoolbar.com
O15 – Trusted Zone: *.ysbweb.com
O16 – DPF: {11111111–1111–1111–1111–111111113457} – file://c:ied_s7.cab
O16 – DPF: {11111111–1111–1111–1111–511111113457} – file://c:x.cab
O16 – DPF: {11111111–1111–1111–1111–511111113458} – file://c:x.cab
O16 – DPF: {1D6711C8–7154–40BB–8380–3DEA45B69CBF} (Web P2P Installer) –
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {3E339D3C–4B12–4E8C–A529–9CC4BEEAFD4F} (VacPro.russia_ver3) – http://www.advnt01.com/dialer/russia.CAB
O16 – DPF: {79849612–A98F–45B8–95E9–4D13C7B6B35C} (Loader2 Control) – http://static.topconverting.com/activex/loader2.ocx
O16 – DPF: {88D969C0–F192–11D4–A65F–0040963251E5} (XML DOM Document 4.0) – file://C:TempEI4EI40_msxml4.cab
O16 – DPF: {9EB320CE–BE1D–4304–A081–4B4665414BEF} (MediaTicketsInstaller Control) – http://www.mt–download.com/MediaTicketsInstaller.cab?refid=3548
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 – HKLMSystemCCSServicesTcpip..{24988770–6FD2–46E4–AEB6–D12A89730A37}: NameServer = 194.204.152.34 217.98.63.164

OT: Ten ktos to bardzo szybki jest
W jeden dzien taki za przeproszeniem "gnoj" zrobic :roll:
Jak juz łazić to rozsadnie

No z tym jest taki gnoj ze koniec.
Czy sie samo zaleglo czy nie to nie wiem, bo z komputera korzystaly tez inne osoby, ale ze stron to nie jest bo sprawdzalem historie

1jedrzej1:

No jednak w 100 % nie pomoglo bo problem powrociol, z wieksza iloscie procesow

Tylko nie gadaj, ze samo sie to u Ciebie zaleglo.

Z loga i dysku:

C:WINDOWSSystem32 vsc32.exe
C:Program FilesWindows ServeAdWinServAd.exe
C:WINDOWSSystem32Windows.exe
C:Program FilesISTsvcistsvc.exe
C:WINDOWSdogom.exe
C:WINDOWSSystem32drg.exe
C:Program FilesInternet Optimizeroptimize.exe
C:program files180solutionssais.exe
C:Program FilesWeb_RebatesWebRebates0.exe
C:Program FilesWindows ServeAdWinServSuit.exe
C:Program FilesInternet Optimizeractalert.exe
C:Program FilesWeb_RebatesWebRebates1.exe

R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O2 – BHO: BHObj Class – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWS em220.dll
O2 – BHO: BAHelper Class – {A3FDD654–A057–4971–9844–4ED8E67DBBB8} – C:Program FilesSideFindsfbho.dll
O4 – HKLM..Run: [NvCplScan] nvsc32.exe
O4 – HKLM..Run: [Windows ServeAd] C:Program FilesWindows ServeAdWinServAd.exe
O4 – HKLM..Run: [blah service] Windows.exe
O4 – HKLM..Run: [IST Service] C:Program FilesISTsvcistsvc.exe
O4 – HKLM..Run: [8ePD] C:WINDOWSdogom.exe
O4 – HKLM..Run: [clause] drg.exe
O4 – HKLM..Run: [Internet Optimizer] "C:Program FilesInternet Optimizeroptimize.exe"
O4 – HKLM..Run: [sais] c:program files180solutionssais.exe
O4 – HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..Run: [8@]"?igYC:Program FilesISTsvcistsvc.exe] C:WINDOWSdogom.exe
O4 – HKLM..RunServices: [NvCplScan] nvsc32.exe
O4 – HKLM..RunServices: [blah service] Windows.exe
O4 – HKLM..RunServices: [clause] drg.exe
O4 – HKLM..RunOnce: [NvCplScan] nvsc32.exe
O4 – HKCU..Run: [NvCplScan] nvsc32.exe
O4 – HKCU..Run: [clause] drg.exe
O4 – HKCU..RunOnce: [NvCplScan] nvsc32.exe
O8 – Extra context menu item: Web Rebates – file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O9 – Extra button: SideFind – {10E42047–DEB9–4535–A118–B3F6EC39B807} – C:Program FilesSideFindsidefind.dll

No jednak w 100 % nie pomoglo bo problem powrociol, z wieksza iloscie procesow:

Oto log:

Logfile of HijackThis v1.99.0
Scan saved at 16:08:39, on 2004–12–20
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesSygateSPFsmc.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:WINDOWSsystem32drwtsn32.exe
C:WINDOWSSystem32 vsc32.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesThomsonSpeedTouch USBDragdiag.exe
C:Program FilesWindows ServeAdWinServAd.exe
C:WINDOWSSystem32Windows.exe
C:Program FilesISTsvcistsvc.exe
C:WINDOWSdogom.exe
C:WINDOWSSystem32drg.exe
C:Program FilesInternet Optimizeroptimize.exe
C:program files180solutionssais.exe
C:Program FilesWeb_RebatesWebRebates0.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesSpybot – Search & DestroyTeaTimer.exe
C:Program FilesWindows ServeAdWinServSuit.exe
C:Documents and SettingsAdasPulpitDoMiNiSiaGadu–Gadugg.exe
C:Program FileseMuleemule.exe
C:Program FilesInternet Optimizeractalert.exe
C:Program FilesWeb_RebatesWebRebates1.exe
C:DownloadsHijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O2 – BHO: BHObj Class – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWS em220.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:PROGRA~1SPYBOT~1SDHelper.dll
O2 – BHO: BAHelper Class – {A3FDD654–A057–4971–9844–4ED8E67DBBB8} – C:Program FilesSideFindsfbho.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FlashGetjccatch.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FlashGetfgiebar.dll
O3 – Toolbar: ISTbar – {5F1ABCDB–A875–46c1–8345–B72A4567E486} – C:PROGRA~1ISTbaristbar.dll
O4 – HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 – HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 – HKLM..Run: [NvCplScan] nvsc32.exe
O4 – HKLM..Run: [Windows ServeAd] C:Program FilesWindows ServeAdWinServAd.exe
O4 – HKLM..Run: [blah service] Windows.exe
O4 – HKLM..Run: [IST Service] C:Program FilesISTsvcistsvc.exe
O4 – HKLM..Run: [8ePD] C:WINDOWSdogom.exe
O4 – HKLM..Run: [clause] drg.exe
O4 – HKLM..Run: [Internet Optimizer] "C:Program FilesInternet Optimizeroptimize.exe"
O4 – HKLM..Run: [sais] c:program files180solutionssais.exe
O4 – HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..Run: [SmcService] C:PROGRA~1SygateSPFsmc.exe –startgui
O4 – HKLM..Run: [8@]"igYC:Program FilesISTsvcistsvc.exe] C:WINDOWSdogom.exe
O4 – HKLM..RunServices: [NvCplScan] nvsc32.exe
O4 – HKLM..RunServices: [blah service] Windows.exe
O4 – HKLM..RunServices: [clause] drg.exe
O4 – HKLM..RunOnce: [NvCplScan] nvsc32.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot – Search & DestroyTeaTimer.exe
O4 – HKCU..Run: [NvCplScan] nvsc32.exe
O4 – HKCU..Run: [clause] drg.exe
O4 – HKCU..Run: [Gadu–Gadu] "C:Documents and SettingsAdasPulpitDoMiNiSiaGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [eMuleAutoStart] C:Program FileseMuleemule.exe –AutoStart
O4 – HKCU..RunOnce: [NvCplScan] nvsc32.exe
O8 – Extra context menu item: Web Rebates – file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:PROGRA~1FlashGetjc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:PROGRA~1FlashGetjc_all.htm
O9 – Extra button: SideFind – {10E42047–DEB9–4535–A118–B3F6EC39B807} – C:Program FilesSideFindsidefind.dll
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FlashGetflashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FlashGetflashget.exe
O23 – Service: avast! iAVS4 Control Service – Unknown – C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:WINDOWSSystem32Ati2evxx.exe
O23 – Service: ATI Smart – Unknown – C:WINDOWSsystem32ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown – C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 – Service: avast! Mail Scanner – ALWIL Software – C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 – Service: Pml Driver HPZ12 – HP – C:WINDOWSSystem32HPZipm12.exe
O23 – Service: Sygate Personal Firewall – Sygate Technologies, Inc. – C:Program FilesSygateSPFsmc.exe

Co usunac?

Dzieki pomoglo w 100 %

Wydaje mi sie ze ta porada przyda sie sporej rzeszy uzytkownikow net24, poniewaz bardzo czesto (zauwazylem) ze zdarza sie tak ze po instalacji softu netii do polaczenia z netem jakis robak tak zapycha lacze (wysyal z maksymalna predkoscia 150 kb/s) ze prawie wcale nie mozna otworzyc stronek.
Ta porada usuwa to w 100 %

Wczesniej abym mogl kozystac z netu zablokowalem wiekszosc aplikacji progremem Sygate Personal Firewall.
Po tym zabiegu ten program nie jest konieczny, wszystko jest Allow (czyli nieblokowane) i nic nie wysyla

Jeszcze raz dzieki

Wylacz przywracanie

Zakoncz procesy:
winupdate.exe
Windows.exe

Usun pliki:
winupdate.exe (W32.IRCBot.E)
Windows.exe (W32.Spybot.Worm )

FIX:

O4 – HKLM..Run: [winupdate.reg] winupdate.exe
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..RunServices: [blah service] Windows.exe
O4 – HKLM..RunServices: [winupdate.reg] winupdate.exe
O4 – HKCU..Run: [winupdate.reg] winupdate.exe
O4 – HKCU..RunOnce: [winupdate.reg] winupdate.exe

Wlacz przywracanie

Mam ten sam problem, wklejam procesy:

Logfile of HijackThis v1.99.0
Scan saved at 17:20:24, on 2004–12–19
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32savedump.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesSygateSPFsmc.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:WINDOWSsystem32drwtsn32.exe
C:WINDOWSSystem32winupdate.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesThomsonSpeedTouch USBDragdiag.exe
C:WINDOWSSystem32Windows.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesSpybot – Search & DestroyTeaTimer.exe
C:Program FilesWinRARWinRAR.exe
C:DOCUME~1AdasUSTAWI~1TempRar$EX00.234HijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:PROGRA~1SPYBOT~1SDHelper.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FlashGetjccatch.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FlashGetfgiebar.dll
O4 – HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 – HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 – HKLM..Run: [blah service] Windows.exe
O4 – HKLM..Run: [SmcService] C:PROGRA~1SygateSPFsmc.exe –startgui
O4 – HKLM..Run: [winupdate.reg] winupdate.exe
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..RunServices: [blah service] Windows.exe
O4 – HKLM..RunServices: [winupdate.reg] winupdate.exe
O4 – HKLM..RunOnce: [winupdate.reg] winupdate.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot – Search & DestroyTeaTimer.exe
O4 – HKCU..Run: [winupdate.reg] winupdate.exe
O4 – HKCU..RunOnce: [winupdate.reg] winupdate.exe
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:PROGRA~1FlashGetjc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:PROGRA~1FlashGetjc_all.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FlashGetflashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FlashGetflashget.exe
O17 – HKLMSystemCS2ServicesTcpip..{00EBCC67–C2B4–4AA1–BFA1–DE094FACB146}: NameServer = 195.114.161.61 195.114.181.130
O23 – Service: avast! iAVS4 Control Service – Unknown – C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:WINDOWSSystem32Ati2evxx.exe
O23 – Service: ATI Smart – Unknown – C:WINDOWSsystem32ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown – C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 – Service: avast! Mail Scanner – ALWIL Software – C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 – Service: Sygate Personal Firewall – Sygate Technologies, Inc. – C:Program FilesSygateSPFsmc.exe

dzik_gks4:

Mam problem mam usługe net24 komfort (internet) zainstalowałem windows xp profesional łącząc się z internetem w SpeedTouch USB Diagnostics (PPP)(programie diagnostycznym)
zostają wysyłane dane nie wiem co sie dzieje nie wiem do kogo są wysyłane. Przez to nie moge wejść na źadną strone trwa to około 1min
.W windowsie 98 second edition nie mam takiego problemu.Co mam robić?????

Skanowanie z udzialem aktualnych baz wirusów programem AntyVirusowym zostalo przeprowadzone ??
Zrob to on–line jesli nie masz zainstalowanego zadnego AV

W przypadku zauwazenia szkondnikow z ktore AV wykrył ale nie potrafi usunac wklej log z programu HijackThis