Please check my log
Logfile of HijackThis v1.99.0
Scan saved at 21:26:18, on 2006-09-05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Neostrada TP\taskbaricon.exe
C:\WINDOWS\System32\winsystems.exe
C:\WINDOWS\System32\mssecures.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
F:\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\taskbaricon.exe
O4 - HKLM\..\Run: [winsystems25] winsystems.exe
O4 - HKLM\..\Run: [secures23] mssecures.exe
O4 - HKLM\..\Run: [Microsoft Directxsp] directxbt.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [winsystems25] winsystems.exe
O4 - HKLM\..\RunServices: [secures23] mssecures.exe
O4 - HKLM\..\RunServices: [Microsoft Directxsp] directxbt.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Directxsp] directxbt.exe
O4 - HKCU\..\RunServices: [Microsoft Directxsp] directxbt.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Seekmo/ie/bridge-c567.cab?0407451f125bb4702ef22c41b34bd5979c55160096913529835d16a72533d83b2e3f66b7061404865d208e54adc74b1fca7477cb89ffde9ea6bac6a5dfd81ba8c3f1f16ecc:155ff7b6a3c39e5d13b88244eaad9a2e
O23 - Service: Kaspersky Anti-Virus 6.0 - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Win32 Kernel Update - Unknown - C:\WINDOWS\win32host.exe (file missing)
O23 - Service: Windows Services Configuration - Unknown - C:\WINDOWS\system32\lsvss.exe (file missing)
Thanks in advance, and regards.
Replies: 1
First, get yourself a newer version of HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 22:10:12, on 2006-09-05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Neostrada TP\taskbaricon.exe
C:\WINDOWS\System32\winsystems.exe
C:\WINDOWS\System32\mssecures.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\qwe\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis1.99.1.zip\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\taskbaricon.exe
O4 - HKLM\..\Run: [winsystems25] winsystems.exe
O4 - HKLM\..\Run: [secures23] mssecures.exe
O4 - HKLM\..\Run: [Microsoft Directxsp] directxbt.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [winsystems25] winsystems.exe
O4 - HKLM\..\RunServices: [secures23] mssecures.exe
O4 - HKLM\..\RunServices: [Microsoft Directxsp] directxbt.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Directxsp] directxbt.exe
O4 - HKCU\..\RunServices: [Microsoft Directxsp] directxbt.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Seekmo/ie/bridge-c567.cab?0407451f125bb4702ef22c41b34bd5979c55160096913529835d16a72533d83b2e3f66b7061404865d208e54adc74b1fca7477cb89ffde9ea6bac6a5dfd81ba8c3f1f16ecc:155ff7b6a3c39e5d13b88244eaad9a2e
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing)
O23 - Service: Windows Services Configuration - Unknown owner - C:\WINDOWS\system32\lsvss.exe (file missing)
Boot the system in safe mode, turn off System Restore, and remove:
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [winsystems25] winsystems.exe
O4 - HKLM\..\Run: [secures23] mssecures.exe
O4 - HKLM\..\Run: [Microsoft Directxsp] directxbt.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [winsystems25] winsystems.exe
O4 - HKLM\..\RunServices: [secures23] mssecures.exe
O4 - HKLM\..\RunServices: [Microsoft Directxsp] directxbt.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKCU\..\Run: [Microsoft Directxsp] directxbt.exe
O4 - HKCU\..\RunServices: [Microsoft Directxsp] directxbt.exe
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Seekmo/ie/bridge-c567.cab***
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing)
O23 - Service: Windows Services Configuration - Unknown owner - C:\WINDOWS\system32\lsvss.exe (file missing)
I wonder whether Kaspersky dropped the ball that badly, or whether it was only installed after the fact? Do you scan the system from time to time? Have you thought about updating Windows?
Kaspersky didn't drop the ball, it was installed in place of Avast :). As for the rest, I don't know, because it's a friend's computer, but it's true that it was absolutely swollen with those trojans.