Please check my log

Have a look at what's going on: slow internet, GG *******, please get it sorted, it's a big request

Logfile of HijackThis v1.99.1

Scan saved at 02:51:44, on 2005-07-20

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\spoolsv.exe

C:\windows\Explorer.EXE

C:\Program Files\Eset\nod32krn.exe

C:\windows\System32\nvsvc32.exe

C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe

C:\windows\SOUNDMAN.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\OutLaster\shhost.exe

C:\Program Files\webHancer\Programs\whSurvey.exe

C:\windows\System32\rundll32.exe

C:\Program Files\webHancer\Programs\whAgent.exe

C:\Program Files\Media Access\MediaAccK.exe

C:\Program Files\Internet Optimizer\optimize.exe

C:\Program Files\Media Access\MediaAccess.exe

C:\Program Files\Czffc\Hmmfsi.exe

C:\windows\System32\mskvr4vm.exe

C:\windows\System32\paytime.exe

C:\program files\180searchassistant\sac.exe

C:\windows\System32\newdial1.exe

C:\Program Files\ISTsvc\istsvc.exe

C:\windows\tyjpu.exe

C:\Program Files\Internet Optimizer\actalert.exe

C:\windows\System32\msxct.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\windows\System32\paytime.exe

C:\windows\System32\??plorer.exe

C:\Program Files\rbhs\hhes.exe

C:\windows\System32\newdial1.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Program Files\BullsEye Network\bin\bargains.exe

C:\Documents and Settings\kasienka\Pulpit\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com

O1 - Hosts: 127.0.0.3 x.full-tgp.net

O1 - Hosts: 127.0.0.3 counter.sexmaniack.com

O1 - Hosts: 127.0.0.3 autoescrowpay.com

O1 - Hosts: 127.0.0.3 www.autoescrowpay.com

O1 - Hosts: 127.0.0.3 www.awmdabest.com

O1 - Hosts: 127.0.0.3 www.sexfiles.nu

O1 - Hosts: 127.0.0.3 awmdabest.com

O1 - Hosts: 127.0.0.3 sexfiles.nu

O1 - Hosts: 127.0.0.3 allforadult.com

O1 - Hosts: 127.0.0.3 www.allforadult.com

O1 - Hosts: 127.0.0.3 www.iframe.biz

O1 - Hosts: 127.0.0.3 iframe.biz

O1 - Hosts: 127.0.0.3 www.newiframe.biz

O1 - Hosts: 127.0.0.3 newiframe.biz

O1 - Hosts: 127.0.0.3 www.vesbiz.biz

O1 - Hosts: 127.0.0.3 vesbiz.biz

O1 - Hosts: 127.0.0.3 www.pizdato.biz

O1 - Hosts: 127.0.0.3 pizdato.biz

O1 - Hosts: 127.0.0.3 www.aaasexypics.com

O1 - Hosts: 127.0.0.3 aaasexypics.com

O1 - Hosts: 127.0.0.3 www.virgin-tgp.net

O1 - Hosts: 127.0.0.3 virgin-tgp.net

O1 - Hosts: 127.0.0.3 www.awmcash.biz

O1 - Hosts: 127.0.0.3 awmcash.biz

O1 - Hosts: 127.0.0.3 buldog-stats.com

O1 - Hosts: 127.0.0.3 www.buldog-stats.com

O1 - Hosts: 127.0.0.3 fregat.drocherway.com

O1 - Hosts: 127.0.0.3 slutmania.biz

O1 - Hosts: 127.0.0.3 www.slutmania.biz

O1 - Hosts: 127.0.0.3 toolbarpartner.com

O1 - Hosts: 127.0.0.3 www.toolbarpartner.com

O1 - Hosts: 127.0.0.3 www.megapornix.com

O1 - Hosts: 127.0.0.3 megapornix.com

O1 - Hosts: 127.0.0.3 www.sp2fucked.biz

O1 - Hosts: 127.0.0.3 sp2fucked.biz

O1 - Hosts: 127.0.0.3 greg-tut.com

O1 - Hosts: 127.0.0.3 www.greg-tut.com

O1 - Hosts: 127.0.0.3 nylonsexy.com

O1 - Hosts: 127.0.0.3 www.nylonsexy.com

O1 - Hosts: 127.0.0.3 vparivalka.com

O1 - Hosts: 127.0.0.3 www.vparivalka.com

O1 - Hosts: 127.0.0.3 iframeprofit.com

O1 - Hosts: 127.0.0.3 www.iframeprofit.com

O1 - Hosts: 127.0.0.3 topsearch10.com

O1 - Hosts: 127.0.0.3 www.topsearch10.com

O1 - Hosts: 127.0.0.3 statscash.biz

O1 - Hosts: 127.0.0.3 www.statscash.biz

O1 - Hosts: 127.0.0.3 vxiframe.biz

O1 - Hosts: 127.0.0.3 www.vxiframe.biz

O1 - Hosts: 127.0.0.3 crazy-toolbar.com

O1 - Hosts: 127.0.0.3 www.crazy-toolbar.com

O1 - Hosts: 127.0.0.3 topcash.biz

O1 - Hosts: 127.0.0.3 www.topcash.biz

O1 - Hosts: 127.0.0.3 loadcash.biz

O1 - Hosts: 127.0.0.3 www.loadcash.biz

O2 - BHO: (no name) - {1436DADD-481E-63EA-3800-4B31C1CBFFCB} - C:\windows\System32\vye.dll

O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\windows\System32\vbrundll.dll

O2 - BHO: (no name) - {211BEADD-652D-56DE-1530-7B1CF1FBD2FB} - C:\windows\System32\vye.dll

O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\sachook.dll

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll

O2 - BHO: (no name) - {533DF8E7-7115-4FE2-2F23-6A2D82FCA6F9} - C:\windows\System32\ikjzslxo.dll (file missing)

O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\windows\wsem303.dll

O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\windows\System32\nst219.dll

O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\windows\System32\nsf2.dll

O2 - BHO: (no name) - {C65E6B9D-EA67-D8C8-5774-AFC1ECD464A5} - C:\windows\System32\tgjk.dll (file missing)

O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll

O2 - BHO: (no name) - {D1544E0B-97F3-F40A-91F8-87D3EDC520F8} - C:\windows\System32\dxvjir.dll (file missing)

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\windows\System32\msbe.dll

O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\windows\System32\richedtr.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [shhost] C:\Program Files\OutLaster\shhost.exe

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM\..\Run: [Rdjzxdc] C:\Program Files\Czffc\Hmmfsi.exe

O4 - HKLM\..\Run: [mskvr4vm] C:\windows\System32\mskvr4vm.exe

O4 - HKLM\..\Run: [PayTime] C:\windows\System32\paytime.exe

O4 - HKLM\..\Run: [sac] c:\program files\180searchassistant\sac.exe

O4 - HKLM\..\Run: [huninqt] C:\WINDOWS\huninqt.exe

O4 - HKLM\..\Run: [regsync] C:\windows\System32\regsync.exe

O4 - HKLM\..\Run: [richup] C:\windows\System32\richup.exe

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [SUBBg6] C:\windows\tyjpu.exe

O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [msxct] msxct.exe

O4 - HKLM\..\Run: [bO˛ůđ\×y-ŻŚ] C:\windows\tyjpu.exe

O4 - HKLM\..\Run: [bO˛ůőö/ŘG%)ßfĎNb˝ľC:\Program Files\ISTsvc\istsvc.exe] C:\windows\tyjpu.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [PayTime] C:\windows\System32\paytime.exe

O4 - HKCU\..\Run: [Jviadv] C:\windows\System32\??plorer.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm

O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)

O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by WebHancer

O15 - Trusted Zone: *.bestcounter.biz

O15 - Trusted Zone: *.blazefind.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.searchbarcash.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotch.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.xxxtoolbar.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.blazefind.com (HKLM)

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O15 - Trusted Zone: *.flingstone.com (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.searchbarcash.com (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotch.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted IP range: 195.95.218.170

O15 - Trusted IP range: 195.95.218.170 (HKLM)

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c420.cab

O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab

O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=2732

O17 - HKLM\System\CCS\Services\Tcpip\..\{9200B79E-3418-4B2A-8FF9-F2B6BDEB0FBA}: NameServer = 194.204.152.34 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip\..\{9200B79E-3418-4B2A-8FF9-F2B6BDEB0FBA}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe

You've got a hell of a lot of junk in this log. Mostly some junk from pornographic sites :? I can't help you much, but wait until morning and maybe Duch will take a look at it :slight_smile:

kolor123, first of all - give your topics proper titles

secondly - don't swear :evil:

thirdly - write in Polish - this gibberish is hard to understand

:x

one more stunt like this --> and there will be consequences - and those are described in the forum rules :twisted:

yeah :slight_smile:

there's a load of crap in the log. I suggest scanning with:

Ad-aware SE Personal

http://dobreprogramy.pl/index.php?dz=2&id=107&t=55

Spybot Search & Destroy 1.4

http://dobreprogramy.pl/index.php?dz=2&id=188&t=55

CWShredder

http://www.dobreprogramy.pl/index.php?dz=2&id=657&t=55

PestPatrol

http://download.zonelabs.com/bin/free/p … olHome.exe

and the scanners:

http://skaner.mks.com.pl/

http://kaspersky.pl/services.html?s=online_vir_chk

http://www.pandasoftware.com/activescan … ncipal.htm

remove all the junk and paste the log again :slight_smile:

This is the first time I've come across such a junk-filled log :roll:

Do you have any antivirus program on the computer? I can't locate one in the log.

I have nothing against you visiting xxx sites, but if you do, I'd recommend doing it with some antivirus program installed. Even the free Avast.

this junk is mainly due to the lack of SP2. An AV on its own won't block spyware and other crap 8)

:o :o :o :o :o

What a mess you've got

That's right, run the scans that detektyw 997 listed; you won't get rid of everything, but there will definitely be less junk after those scans.

Also run these scanners:

:arrow: Trend

:arrow: Dr.Web

:arrow: BitDefender

And only then post a log and we'll fight this junk

I'll add: also run KillTrusted 0.7, CWS.Systime Removal 3.5, FxIstbar.exe. :stuck_out_tongue:

Uninstall in Safe Mode: BullsEye Network, webHancer, Media Access, Internet Optimizer, 180searchassistant, NewDotNet

First uninstall those programs in Safe Mode, then run the tools above and the scanners, and finally post a new LOG and we'll remove the rest :stuck_out_tongue: