HELP!!!

IP: *.acn.waw.pl 27.01.05, 22:22
PLEASE CHECK MY HIJACK LOG:
Logfile of HijackThis v1.97.7
Scan saved at 22:21:22, on 2005-01-27
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\?ttrib.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office\1045\msoffice.exe
C:\Documents and Settings\rodzik\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.search-control.com/search.cgi?id=270
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\System32\spm1316.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Microsoft Update Time] wuam.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dllhostxp.exe] dllhostxp.exe
O4 - HKLM\..\Run: [clfmon.exe] clfmon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [lczhjgzdlmfux] C:\WINDOWS\System32\rnjrhc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Nqg] C:\WINDOWS\System32\?ttrib.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: eBay - Homepage (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.kb24.pl
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - 67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab

THANK YOU, EWA
    • m.gregor Re: HELP!!! 27.01.05, 22:34
      Download the new HijackThis, make a new log and paste the new one here.
      spywareinfo.globalservers.com/~merijn/files/HijackThis.exe
      • Guest: Ewa Re: HELP!!! IP: *.acn.waw.pl 27.01.05, 22:54
        ok, here it is:
        Logfile of HijackThis v1.99.0
        Scan saved at 22:53:31, on 2005-01-27
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\WINDOWS\System32\?ttrib.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\Program Files\Microsoft Office\Office\1045\msoffice.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Documents and Settings\rodzik\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis[1].zip\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.buldog-search.com/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.search-control.com/search.cgi?id=270
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
        O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\System32\spm1316.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
        O4 - HKLM\..\Run: [Microsoft Update Time] wuam.exe
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [dllhostxp.exe] dllhostxp.exe
        O4 - HKLM\..\Run: [clfmon.exe] clfmon.exe
        O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
        O4 - HKLM\..\Run: [lczhjgzdlmfux] C:\WINDOWS\System32\rnjrhc.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Nqg] C:\WINDOWS\System32\?ttrib.exe
        O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
        O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
        O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
        O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
        O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
        O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
        O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O15 - Trusted Zone: www.kb24.pl
        O15 - Trusted IP range: 213.159.117.133
        O15 - Trusted IP range: (HKLM)
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - skaner.mks.com.pl/SkanerOnline.cab
        O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - 67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
        O21 - SSODL: eplrr - {7A16061B-FAA4-4956-8C2E-C48672E34502} - C:\WINDOWS\System32\eplrr3.dll (file missing)
        O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
        O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
        O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

        help
        thanks
        • Guest: piecyk gazowy Re: HELP!!! IP: *.tpnet.pl / *.tpnet.pl 27.01.05, 23:01
          Turn on the firewall: www.microsoft.com/poland/security/articles/use_icf.mspx

          Check the entries below and press Fix Checked.

          > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.buldog-search.com/

          > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.search-control.com/search.cgi?id=270

          > O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\System32\spm1316.dll

          > O4 - HKLM\..\Run: [Microsoft Update Time] wuam.exe

          > O4 - HKLM\..\Run: [dllhostxp.exe] dllhostxp.exe
          > O4 - HKLM\..\Run: [clfmon.exe] clfmon.exe

          > O4 - HKLM\..\Run: [lczhjgzdlmfux] C:\WINDOWS\System32\rnjrhc.exe

          > O4 - HKCU\..\Run: [Nqg] C:\WINDOWS\System32\?ttrib.exe

          > O15 - Trusted Zone: www.kb24.pl
          > O15 - Trusted IP range: 213.159.117.133
          > O15 - Trusted IP range: (HKLM)

          > O21 - SSODL: eplrr - {7A16061B-FAA4-4956-8C2E-C48672E34502} - C:\WINDOWS\System32\eplrr3.dll (file missing)

          Download this file www.mvps.org/winhelp2002/DelDomains.inf
          and save it, e.g. on the desktop, then click on it with the RIGHT mouse button and
          choose Install. Then paste a new log.