Log Pilne!

Ramzes · 4 Luty 2005 17:14

Proszę o pilne sprawdzenie loga. Dzięki

Logfile of HijackThis v1.99.0

Scan saved at 18:10:55, on 2005-02-04

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\brss01a.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\??rss.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Documents and Settings\kubik 1\Dane aplikacji\toet.exe

C:\Program Files\EnhanceKeyboard\kb_2k.exe

C:\Program Files\LightSurf\Common\IconMgr.exe

C:\Program Files\LightSurf\Colorific\hgcctl95.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe

C:\Documents and Settings\kubik 1\Pulpit\Programy\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://zakladka.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://zakladka.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://zakladka.pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://zakladka.pl

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {A37FB445-2F86-3B13-86E0-74A2ACD76CC4} - C:\WINDOWS\System32\uej.dll

O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\porynt.dll

O3 - Toolbar: (no name) - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - (no file)

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [Ntos] C:\Documents and Settings\kubik 1\Dane aplikacji\toet.exe

O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe

O4 - Global Startup: enhanced keyboard driver.lnk = ?

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O4 - Global Startup: LightSurf.lnk = C:\Program Files\LightSurf\Common\IconMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe

O8 - Extra context menu item: &Tlumacz z LING... - http://www.ling.pl/ling/def-src.php4

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O10 - Hijacked Internet access by New.Net

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.blazefind.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.searchbarcash.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotch.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.xxxtoolbar.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.blazefind.com (HKLM)

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.flingstone.com (HKLM)

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.searchbarcash.com (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotch.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted IP range: 213.159.117.202

O15 - Trusted IP range: 213.159.117.202 (HKLM)

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\mrxddta.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosu .mht!http://www.kazaalite.pl/stats/loudklite.chm::/bridge-c46.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab

O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://www.globalphon.com/dialer/russia.CAB

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://iframedollars.biz/tb/loader2.ocx

O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} - http://megapanel.gem.pl/temp/netp/9672/4284/4881/8600/1_9672428448818600.ocx

O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/pl/games3.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\porynt.dll

O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\porynt.dll

O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - C:\WINDOWS\System32\Bdjccefl.dll

O23 - Service: BrSplService - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe

O23 - Service: Panda IManager Service - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe

Phylby · 4 Luty 2005 17:56

Wyłącz pzrywracanie systemu

Start kompa do wwryjnego

Zbij proces rss.exe. Usuń plik . Jest w C:\WINDOWS\system32

toet.exe tak samo .C:\Documents and Settings\kubik 1\Dane aplikacji

kb_2k.exe Tak samo . Usuń folder EnhanceKeyboard zC:\Program Files

Za pomocą HT usuń

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://zakladka.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://zakladka.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://zakladka.pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://zakladka.pl

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {A37FB445-2F86-3B13-86E0-74A2ACD76CC4} - C:\WINDOWS\System32\uej.dll

O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\porynt.dll

O3 - Toolbar: (no name) - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - (no file) 

O4 - HKCU\..\Run: [Ntos] C:\Documents and Settings\kubik 1\Dane aplikacji\toet.exe

O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe

O4 - Global Startup: enhanced keyboard driver.lnk = ?

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O4 - Global Startup: LightSurf.lnk = C:\Program Files\LightSurf\Common\IconMgr.exe

O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe 

O15 - Trusted Zone: *.blazefind.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.searchbarcash.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotch.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.xxxtoolbar.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.blazefind.com (HKLM)

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.flingstone.com (HKLM)

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.searchbarcash.com (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotch.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted IP range: 213.159.117.202

O15 - Trusted IP range: 213.159.117.202 (HKLM)

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\mrxddta.exe  


O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosu .mht!http://www.kazaalite.pl/stats/loudklite.chm::/bridge-c46.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab

O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://www.globalphon.com/dialer/russia.CAB

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://iframedollars.biz/tb/loader2.ocx

O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} - http://megapanel.gem.pl/temp/netp/9672/4284/4881/8600/1_9672428448818600.ocx

O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/pl/games3.cab 

O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\porynt.dll

O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\porynt.dll

O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - C:\WINDOWS\System32\Bdjccefl.dll

SZukasz na dysku i usuwasz foldery/pliki systime , GMT , PrecisionTime

Udajesz sie na http://forum.dobreprogramy.pl/viewtopic.php?t=17728

i czytasz o LSP-Fix i DelDomains.inf . Pobierasz i stosujesz. Restart kompa.

Pobierasz :

Pestpatrol

Ewido Free Security Suite

ETD Security Scanner 3.0

http://www.download.com/ETD-Security-Sc … 29424.html

I sprawdzasz system… Usuwasz co znajda

Restart i sprawdzasz czy znikło co miało zniknąć