pls check my log!!!!

05.02.05, 18:40
Logfile of HijackThis v1.99.0
Scan saved at 18:36:52, on 2005-02-05
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\System32\swwhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\MartaK\Ustawienia lokalne\Temporary Internet
Files\Content.IE5\OL2FSL6F\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 127.0.0.3 www.greg-tut.com
O1 - Hosts: 127.0.0.3 nylonsexy.com
O1 - Hosts: 127.0.0.3 www.nylonsexy.com
O1 - Hosts: 127.0.0.3 vparivalka.com
O1 - Hosts: 127.0.0.3 www.vparivalka.comtoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.pi..to.biz
O1 - Hosts: 127.0.0.3 pi..to.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 127.0.0.3 virgin-tgp.net
O1 - Hosts: 127.0.0.3 www.awmcash.biz
O1 - Hosts: 127.0.0.3 awmcash.biz
O1 - Hosts: 127.0.0.3 buldog-stats.com
O1 - Hosts: 127.0.0.3 www.buldog-stats.com
O1 - Hosts: 127.0.0.3 fregat.drocherway.com
O1 - Hosts: 127.0.0.3 slutmania.biz
O1 - Hosts: 127.0.0.3 www.slutmania.biz
O1 - Hosts: 127.0.0.3 toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.megapornix.com
O1 - Hosts: 127.0.0.3 megapornix.com
O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
O1 - Hosts: 127.0.0.3 sp2fucked.biz
O1 - Hosts: 127.0.0.3 greg-tut.com
O1 - Hosts: 213.159.117.203/dkprogs/hosts.txt
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} -
C:\WINDOWS\System32\porynt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus
Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda
Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [Microsoft Windows Update] swwhost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] swwhost.exe
O4 - HKLM\..\RunServices: [MSN] exe.exe
O4 - HKLM\..\RunServices: [wuviewer] C:\WINDOWS\System32\wuviewer.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [Microsoft Windows Update] swwhost.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Microsoft Windows Update] swwhost.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\RunServices: [MSN] exe.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [Microsoft Windows Update] swwhost.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-
its:mhtml:file://C:\nosuch.mht!
213.159.117.203/dl/adv642/x.chm::/load.exe
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) -
iframedollars.biz/tb/loader2.ocx
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBA00C06-815F-45F0-BC2D-
01D5FAF3B955}: NameServer = 212.75.96.2,212.75.112.130
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} -
C:\WINDOWS\System32\porynt.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} -
C:\WINDOWS\System32\porynt.dll
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1
\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1
\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda
Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda
Software\Panda Antivirus Platinum\pavsrv51.exe

    • Guest: piecyk gazowy Re: pls check my log!!!! IP: *.tpnet.pl / *.tpnet.pl 05.02.05, 19:13
      You MUST uninstall one of the antivirus programs.

      To remove:

      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      > 213.159.117.134/index.php
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      > 213.159.117.134/index.php
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      > 213.159.117.134/index.php
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      > 213.159.117.134/index.php
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      > 213.159.117.134/index.php

      > O1 - Hosts: 127.0.0.3 www.greg-tut.com
      > O1 - Hosts: 127.0.0.3 nylonsexy.com
      > O1 - Hosts: 127.0.0.3 www.nylonsexy.com
      > O1 - Hosts: 127.0.0.3 vparivalka.com
      > O1 - Hosts: 127.0.0.3 www.vparivalka.comtoescrowpay.com
      > O1 - Hosts: 127.0.0.3 www.awmdabest.com
      > O1 - Hosts: 127.0.0.3 www.sexfiles.nu
      > O1 - Hosts: 127.0.0.3 awmdabest.com
      > O1 - Hosts: 127.0.0.3 sexfiles.nu
      > O1 - Hosts: 127.0.0.3 allforadult.com
      > O1 - Hosts: 127.0.0.3 www.allforadult.com
      > O1 - Hosts: 127.0.0.3 www.iframe.biz
      > O1 - Hosts: 127.0.0.3 iframe.biz
      > O1 - Hosts: 127.0.0.3 www.newiframe.biz
      > O1 - Hosts: 127.0.0.3 newiframe.biz
      > O1 - Hosts: 127.0.0.3 www.vesbiz.biz
      > O1 - Hosts: 127.0.0.3 vesbiz.biz
      > O1 - Hosts: 127.0.0.3 www.pi..to.biz
      > O1 - Hosts: 127.0.0.3 pi..to.biz
      > O1 - Hosts: 127.0.0.3 www.aaasexypics.com
      > O1 - Hosts: 127.0.0.3 aaasexypics.com
      > O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
      > O1 - Hosts: 127.0.0.3 virgin-tgp.net
      > O1 - Hosts: 127.0.0.3 www.awmcash.biz
      > O1 - Hosts: 127.0.0.3 awmcash.biz
      > O1 - Hosts: 127.0.0.3 buldog-stats.com
      > O1 - Hosts: 127.0.0.3 www.buldog-stats.com
      > O1 - Hosts: 127.0.0.3 fregat.drocherway.com
      > O1 - Hosts: 127.0.0.3 slutmania.biz
      > O1 - Hosts: 127.0.0.3 www.slutmania.biz
      > O1 - Hosts: 127.0.0.3 toolbarpartner.com
      > O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
      > O1 - Hosts: 127.0.0.3 www.megapornix.com
      > O1 - Hosts: 127.0.0.3 megapornix.com
      > O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
      > O1 - Hosts: 127.0.0.3 sp2fucked.biz
      > O1 - Hosts: 127.0.0.3 greg-tut.com
      > O1 - Hosts: 213.159.117.203/dkprogs/hosts.txt

      > O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} -
      > C:\WINDOWS\System32\porynt.dll

      > O4 - HKLM\..\Run: [Microsoft Windows Update] swwhost.exe
      > O4 - HKLM\..\RunServices: [Microsoft Windows Update] swwhost.exe
      > O4 - HKLM\..\RunServices: [MSN] exe.exe
      > O4 - HKLM\..\RunServices: [wuviewer] C:\WINDOWS\System32\wuviewer.exe
      > O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
      > O4 - HKLM\..\RunOnce: [Microsoft Windows Update] swwhost.exe

      > O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
      > O4 - HKCU\..\Run: [Microsoft Windows Update] swwhost.exe

      > O4 - HKCU\..\RunServices: [MSN] exe.exe
      > O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
      > O4 - HKCU\..\RunOnce: [Microsoft Windows Update] swwhost.exe

      > O15 - Trusted Zone: *.blazefind.com
      > O15 - Trusted Zone: *.clickspring.net
      > O15 - Trusted Zone: *.flingstone.com
      > O15 - Trusted Zone: *.iframedollars.biz
      > O15 - Trusted Zone: *.mt-download.com
      > O15 - Trusted Zone: *.my-internet.info
      > O15 - Trusted Zone: *.searchmiracle.com
      > O15 - Trusted Zone: *.skoobidoo.com
      > O15 - Trusted Zone: *.slotchbar.com
      > O15 - Trusted Zone: *.windupdates.com
      > O15 - Trusted Zone: *.ysbweb.com
      > O15 - Trusted Zone: *.blazefind.com (HKLM)
      > O15 - Trusted Zone: *.clickspring.net (HKLM)
      > O15 - Trusted Zone: *.flingstone.com (HKLM)
      > O15 - Trusted Zone: *.iframedollars.biz (HKLM)
      > O15 - Trusted Zone: *.mt-download.com (HKLM)
      > O15 - Trusted Zone: *.my-internet.info (HKLM)
      > O15 - Trusted Zone: *.searchmiracle.com (HKLM)
      > O15 - Trusted Zone: *.skoobidoo.com (HKLM)
      > O15 - Trusted Zone: *.slotchbar.com (HKLM)
      > O15 - Trusted Zone: *.windupdates.com (HKLM)
      > O15 - Trusted Zone: *.ysbweb.com (HKLM)
      > O15 - Trusted IP range: 213.159.117.202
      > O15 - Trusted IP range: 213.159.117.202 (HKLM)
      > O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-
      > its:mhtml:file://C:\nosuch.mht!
      > 213.159.117.203/dl/adv642/x.chm::/load.exe
      > O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) -
      > iframedollars.biz/tb/loader2.ocx

      > O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} -
      > C:\WINDOWS\System32\porynt.dll
      > O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} -
      > C:\WINDOWS\System32\porynt.dll

      Paste a new log.
      • orrangge Re: pls check my log!!!! 05.02.05, 20:17
        thanks :) but I can't get rid of those damn hosts entries


        Logfile of HijackThis v1.99.0
        Scan saved at 20:17:23, on 2005-02-05
        Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
        C:\WINDOWS\System32\RUNDLL32.EXE
        C:\WINDOWS\System32\rundll32.exe
        C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
        C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
        C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
        C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
        C:\WINDOWS\System32\swwhost.exe
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
        C:\WINDOWS\regedit.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        E:\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        about:blank
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O1 - Hosts: 127.0.0.3 www.greg-tut.com
        O1 - Hosts: 127.0.0.3 nylonsexy.com
        O1 - Hosts: 127.0.0.3 www.nylonsexy.com
        O1 - Hosts: 127.0.0.3 vparivalka.com
        O1 - Hosts: 127.0.0.3 www.vparivalka.comtoescrowpay.com
        O1 - Hosts: 127.0.0.3 www.awmdabest.com
        O1 - Hosts: 127.0.0.3 www.sexfiles.nu
        O1 - Hosts: 127.0.0.3 awmdabest.com
        O1 - Hosts: 127.0.0.3 sexfiles.nu
        O1 - Hosts: 127.0.0.3 allforadult.com
        O1 - Hosts: 127.0.0.3 www.allforadult.com
        O1 - Hosts: 127.0.0.3 www.iframe.biz
        O1 - Hosts: 127.0.0.3 iframe.biz
        O1 - Hosts: 127.0.0.3 www.newiframe.biz
        O1 - Hosts: 127.0.0.3 newiframe.biz
        O1 - Hosts: 127.0.0.3 www.vesbiz.biz
        O1 - Hosts: 127.0.0.3 vesbiz.biz
        O1 - Hosts: 127.0.0.3 www.pi..to.biz
        O1 - Hosts: 127.0.0.3 pi..to.biz
        O1 - Hosts: 127.0.0.3 www.aaasexypics.com
        O1 - Hosts: 127.0.0.3 aaasexypics.com
        O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
        O1 - Hosts: 127.0.0.3 virgin-tgp.net
        O1 - Hosts: 127.0.0.3 www.awmcash.biz
        O1 - Hosts: 127.0.0.3 awmcash.biz
        O1 - Hosts: 127.0.0.3 buldog-stats.com
        O1 - Hosts: 127.0.0.3 www.buldog-stats.com
        O1 - Hosts: 127.0.0.3 fregat.drocherway.com
        O1 - Hosts: 127.0.0.3 slutmania.biz
        O1 - Hosts: 127.0.0.3 www.slutmania.biz
        O1 - Hosts: 127.0.0.3 toolbarpartner.com
        O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
        O1 - Hosts: 127.0.0.3 www.megapornix.com
        O1 - Hosts: 127.0.0.3 megapornix.com
        O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
        O1 - Hosts: 127.0.0.3 sp2fucked.biz
        O1 - Hosts: 127.0.0.3 greg-tut.com
        O1 - Hosts: 213.159.117.203/dkprogs/hosts.txt
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
        O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} -
        C:\WINDOWS\System32\porynt.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus
        Platinum\APVXDWIN.EXE" /s
        O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus
        Platinum\Inicio.exe"
        O4 - HKLM\..\RunServices: [Microsoft Windows Update] swwhost.exe
        O4 - HKLM\..\RunServices: [MSN] exe.exe
        O4 - HKLM\..\RunServices: [wuviewer] C:\WINDOWS\System32\wuviewer.exe
        O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
        O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
        \NVMCTRAY.DLL,NvTaskbarInit
        O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
        O4 - HKCU\..\RunServices: [MSN] exe.exe
        O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
        O4 - HKCU\..\RunOnce: [Microsoft Windows Update] swwhost.exe
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O15 - Trusted Zone: *.blazefind.com
        O15 - Trusted Zone: *.clickspring.net
        O15 - Trusted Zone: *.flingstone.com
        O15 - Trusted Zone: *.iframedollars.biz
        O15 - Trusted Zone: *.mt-download.com
        O15 - Trusted Zone: *.my-internet.info
        O15 - Trusted Zone: *.searchmiracle.com
        O15 - Trusted Zone: *.skoobidoo.com
        O15 - Trusted Zone: *.slotchbar.com
        O15 - Trusted Zone: *.windupdates.com
        O15 - Trusted Zone: *.ysbweb.com
        O15 - Trusted Zone: *.blazefind.com (HKLM)
        O15 - Trusted Zone: *.clickspring.net (HKLM)
        O15 - Trusted Zone: *.flingstone.com (HKLM)
        O15 - Trusted Zone: *.iframedollars.biz (HKLM)
        O15 - Trusted Zone: *.mt-download.com (HKLM)
        O15 - Trusted Zone: *.my-internet.info (HKLM)
        O15 - Trusted Zone: *.searchmiracle.com (HKLM)
        O15 - Trusted Zone: *.skoobidoo.com (HKLM)
        O15 - Trusted Zone: *.slotchbar.com (HKLM)
        O15 - Trusted Zone: *.windupdates.com (HKLM)
        O15 - Trusted Zone: *.ysbweb.com (HKLM)
        O15 - Trusted IP range: 213.159.117.202
        O15 - Trusted IP range: 213.159.117.202 (HKLM)
        O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-
        its:mhtml:file://C:\nosuch.mht!http://213.159.117.203/dl/adv642/x.chm::/load.exe
        O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) -
        iframedollars.biz/tb/loader2.ocx
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{BBA00C06-815F-45F0-BC2D-01D5FAF3B955}:
        NameServer = 212.75.96.2,212.75.112.130
        O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} -
        C:\WINDOWS\System32\porynt.dll
        O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} -
        C:\WINDOWS\System32\porynt.dll
        O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1
        \Grisoft\AVGFRE~1\avgamsvr.exe
        O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1
        \Grisoft\AVGFRE~1\avgupsvc.exe
        O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation -
        C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda
        Software\Panda Antivirus Platinum\Firewall\PavFires.exe
        O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda
        Software\Panda Antivirus Platinum\pavsrv51.exe

        • Guest: piecyk gazowy Re: pls check my log!!!! IP: *.tpnet.pl / *.tpnet.pl 05.02.05, 21:41
          You don't know how, or it can't be done? Launch HijackThis, choose "Do a system scan",
          tick the items below and press Fix Checked:

          > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
          > about:blank
          > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
          > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

          > O1 - Hosts: 127.0.0.3 www.greg-tut.com
          > O1 - Hosts: 127.0.0.3 nylonsexy.com
          > O1 - Hosts: 127.0.0.3 www.nylonsexy.com
          > O1 - Hosts: 127.0.0.3 vparivalka.com
          > O1 - Hosts: 127.0.0.3 www.vparivalka.comtoescrowpay.com
          > O1 - Hosts: 127.0.0.3 www.awmdabest.com
          > O1 - Hosts: 127.0.0.3 www.sexfiles.nu
          > O1 - Hosts: 127.0.0.3 awmdabest.com
          > O1 - Hosts: 127.0.0.3 sexfiles.nu
          > O1 - Hosts: 127.0.0.3 allforadult.com
          > O1 - Hosts: 127.0.0.3 www.allforadult.com
          > O1 - Hosts: 127.0.0.3 www.iframe.biz
          > O1 - Hosts: 127.0.0.3 iframe.biz
          > O1 - Hosts: 127.0.0.3 www.newiframe.biz
          > O1 - Hosts: 127.0.0.3 newiframe.biz
          > O1 - Hosts: 127.0.0.3 www.vesbiz.biz
          > O1 - Hosts: 127.0.0.3 vesbiz.biz
          > O1 - Hosts: 127.0.0.3 www.pi..to.biz
          > O1 - Hosts: 127.0.0.3 pi..to.biz
          > O1 - Hosts: 127.0.0.3 www.aaasexypics.com
          > O1 - Hosts: 127.0.0.3 aaasexypics.com
          > O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
          > O1 - Hosts: 127.0.0.3 virgin-tgp.net
          > O1 - Hosts: 127.0.0.3 www.awmcash.biz
          > O1 - Hosts: 127.0.0.3 awmcash.biz
          > O1 - Hosts: 127.0.0.3 buldog-stats.com
          > O1 - Hosts: 127.0.0.3 www.buldog-stats.com
          > O1 - Hosts: 127.0.0.3 fregat.drocherway.com
          > O1 - Hosts: 127.0.0.3 slutmania.biz
          > O1 - Hosts: 127.0.0.3 www.slutmania.biz
          > O1 - Hosts: 127.0.0.3 toolbarpartner.com
          > O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
          > O1 - Hosts: 127.0.0.3 www.megapornix.com
          > O1 - Hosts: 127.0.0.3 megapornix.com
          > O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
          > O1 - Hosts: 127.0.0.3 sp2fucked.biz
          > O1 - Hosts: 127.0.0.3 greg-tut.com
          > O1 - Hosts: 213.159.117.203/dkprogs/hosts.txt

          > O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} -
          > C:\WINDOWS\System32\porynt.dll

          > O4 - HKLM\..\RunServices: [Microsoft Windows Update] swwhost.exe
          > O4 - HKLM\..\RunServices: [MSN] exe.exe
          > O4 - HKLM\..\RunServices: [wuviewer] C:\WINDOWS\System32\wuviewer.exe
          > O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe

          > O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
          > O4 - HKCU\..\RunServices: [MSN] exe.exe
          > O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
          > O4 - HKCU\..\RunOnce: [Microsoft Windows Update] swwhost.exe

          > O15 - Trusted Zone: *.blazefind.com
          > O15 - Trusted Zone: *.clickspring.net
          > O15 - Trusted Zone: *.flingstone.com
          > O15 - Trusted Zone: *.iframedollars.biz
          > O15 - Trusted Zone: *.mt-download.com
          > O15 - Trusted Zone: *.my-internet.info
          > O15 - Trusted Zone: *.searchmiracle.com
          > O15 - Trusted Zone: *.skoobidoo.com
          > O15 - Trusted Zone: *.slotchbar.com
          > O15 - Trusted Zone: *.windupdates.com
          > O15 - Trusted Zone: *.ysbweb.com
          > O15 - Trusted Zone: *.blazefind.com (HKLM)
          > O15 - Trusted Zone: *.clickspring.net (HKLM)
          > O15 - Trusted Zone: *.flingstone.com (HKLM)
          > O15 - Trusted Zone: *.iframedollars.biz (HKLM)
          > O15 - Trusted Zone: *.mt-download.com (HKLM)
          > O15 - Trusted Zone: *.my-internet.info (HKLM)
          > O15 - Trusted Zone: *.searchmiracle.com (HKLM)
          > O15 - Trusted Zone: *.skoobidoo.com (HKLM)
          > O15 - Trusted Zone: *.slotchbar.com (HKLM)
          > O15 - Trusted Zone: *.windupdates.com (HKLM)
          > O15 - Trusted Zone: *.ysbweb.com (HKLM)
          > O15 - Trusted IP range: 213.159.117.202
          > O15 - Trusted IP range: 213.159.117.202 (HKLM)
          > O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-
          > its:mhtml:file://C:\nosuch.mht!
          213.159.117.203/dl/adv642/x.chm::/load.exe
          > O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) -
          > iframedollars.biz/tb/loader2.ocx

          > O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} -
          > C:\WINDOWS\System32\porynt.dll
          > O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} -
          > C:\WINDOWS\System32\porynt.dll

          Uninstall one of the antivirus programs and paste a new log.
          • orrangge Re: pls check my log!!!! 06.02.05, 18:26
            ok, it's clear now, thanks
            pasting the log

            Logfile of HijackThis v1.99.0
            Scan saved at 18:29:32, on 2005-02-06
            Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
            C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
            C:\WINDOWS\System32\nvsvc32.exe
            C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
            C:\WINDOWS\System32\RUNDLL32.EXE
            C:\WINDOWS\System32\rundll32.exe
            C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
            C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
            C:\PROGRA~1\Grisoft\AVGFRE~1\avginet.exe
            C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
            C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
            C:\WINDOWS\System32\swwhost.exe
            C:\Program Files\Gadu-Gadu\gg.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Documents and Settings\MartaK\Ustawienia lokalne\Temporary Internet
            Files\Content.IE5\OL2FSL6F\HijackThis[1].exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
            about:blank
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
            C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINDOWS\System32\msdxm.ocx
            O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus
            Platinum\APVXDWIN.EXE" /s
            O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus
            Platinum\Inicio.exe"
            O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
            O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
            \NVMCTRAY.DLL,NvTaskbarInit
            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
            O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
            O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
            res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
            O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
            skaner.mks.com.pl/SkanerOnline.cab
            O17 - HKLM\System\CCS\Services\Tcpip\..\{BBA00C06-815F-45F0-BC2D-01D5FAF3B955}:
            NameServer = 212.75.96.2,212.75.112.130
            O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1
            \Grisoft\AVGFRE~1\avgamsvr.exe
            O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1
            \Grisoft\AVGFRE~1\avgupsvc.exe
            O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation -
            C:\WINDOWS\System32\nvsvc32.exe
            O23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda
            Software\Panda Antivirus Platinum\Firewall\PavFires.exe
            O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda
            Software\Panda Antivirus Platinum\pavsrv51.exe

            • m.gregor Re: pls check my log!!!! 06.02.05, 18:33
              > O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
              And uninstall one of the antivirus programs. I'd recommend getting rid of AVG (Panda is better)
              • orrangge Re: pls check my log!!!! 06.02.05, 18:53
                thanks, but it won't let me remove that one :(
                AVG uninstalled :)
                • Guest: piecyk gazowy Re: pls check my log!!!! IP: *.tpnet.pl / *.tpnet.pl 06.02.05, 18:55
                  Try booting the system in safe mode and removing it then.

                  Safe mode is started during system boot - before the Windows XP splash screen
                  appears (the one on a black background), you need to press F8, then select
                  safe mode with the arrow keys and confirm with Enter.
                  • orrangge Re: pls check my log!!!! 06.02.05, 19:44
                    ok, it worked :)
                    but now the system says it can't locate spoolsrv.exe :(
                    pasting a new one

                    Logfile of HijackThis v1.99.0
                    Scan saved at 19:44:41, on 2005-02-06
                    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                    C:\WINDOWS\System32\nvsvc32.exe
                    C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
                    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
                    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
                    C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
                    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
                    C:\WINDOWS\System32\RUNDLL32.EXE
                    C:\Program Files\Gadu-Gadu\gg.exe
                    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
                    C:\WINDOWS\System32\ctfmon.exe
                    C:\Documents and Settings\MartaK\Ustawienia lokalne\Temporary Internet
                    Files\Content.IE5\OL2FSL6F\HijackThis[1].exe
                    C:\WINDOWS\msagent\AgentSvr.exe

                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                    about:blank
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                    C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                    C:\WINDOWS\System32\msdxm.ocx
                    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus
                    Platinum\APVXDWIN.EXE" /s
                    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus
                    Platinum\Inicio.exe"
                    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
                    \NVMCTRAY.DLL,NvTaskbarInit
                    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                    O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
                    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                    O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                    skaner.mks.com.pl/SkanerOnline.cab
                    O17 - HKLM\System\CCS\Services\Tcpip\..\{BBA00C06-815F-45F0-BC2D-01D5FAF3B955}:
                    NameServer = 212.75.96.2,212.75.112.130
                    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation -
                    C:\WINDOWS\System32\nvsvc32.exe
                    O23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda
                    Software\Panda Antivirus Platinum\Firewall\PavFires.exe
                    O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda
                    Software\Panda Antivirus Platinum\pavsrv51.exe

                    • Guest: piecyk gazowy Re: pls check my log!!!! IP: *.tpnet.pl / *.tpnet.pl 06.02.05, 20:29
                      orrangge wrote:

                      > but now the system says it can't locate spoolsrv.exe :(

                      And when does it say that, and what exactly is the message?
                      • orrangge Re: pls check my log!!!! 06.02.05, 21:01
                        the message shows up right after turning on the computer and logging in
                        "System Windows nie może zlokalizować C:\WINDOWS\System32\spoolsrv32.exe" or
                        something very similar
                        • Guest: piecyk gazowy Re: pls check my log!!!! IP: *.tpnet.pl / *.tpnet.pl 06.02.05, 21:50
                          That's junk. Launch the registry editor: Start -> Run:
                          regedit

                          Press F3, type spoolsrv32.exe, if you find something - delete it with the Delete key,
                          then F3 again and so on until the end. Finally restart the system and see whether it's OK.

                          I warn you that careless editing of the registry can damage the system.
                          • orrangge Re: pls check my log!!!! 07.02.05, 18:34
                            ok, I'll do that, thanks a lot and best wishes
                            if it weren't for you guys I don't know what I'd have done, thanks :)
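
An added example, not part of the original thread: the helpers above check each newly pasted HijackThis log by eye against the list of entries they asked to have fixed. The Python sketch below does that comparison mechanically, rejoining forum-wrapped lines and ignoring stray whitespace and `>` quote marks. The function names are hypothetical, and the sample logs are abridged from the ones posted in this thread.

```python
import re

# HijackThis prefixes every finding with a section code: R0-R3, F0-F3, N1-N4, O1-O23.
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# Leading indentation and '>' quote marks added when a log is quoted in a reply.
QUOTE = re.compile(r"^\s*(?:>\s*)*")


def parse_entries(text):
    """Return the findings of a pasted HijackThis log, with wrapped lines rejoined."""
    entries, open_entry = [], False
    for raw in text.splitlines():
        line = QUOTE.sub("", raw, count=1).strip()
        if ENTRY_START.match(line):
            entries.append(line)
            open_entry = True
        elif line and open_entry:
            # Continuation of a finding that the forum wrapped onto a new line.
            entries[-1] += " " + line
        else:
            # Blank line, header, process list or prose: not part of a finding.
            open_entry = False
    return entries


def key(entry):
    """Comparison key: whitespace-free and case-folded, so that
    'spoolsrv32. exe' and 'spoolsrv32.exe' count as the same finding."""
    return re.sub(r"\s+", "", entry).casefold()


def compare(before_text, after_text):
    """Return (removed, added) findings between two scans."""
    before = {key(e): e for e in parse_entries(before_text)}
    after = {key(e): e for e in parse_entries(after_text)}
    removed = [e for k, e in before.items() if k not in after]
    added = [e for k, e in after.items() if k not in before]
    return removed, added


def still_present(fix_list_text, after_text):
    """Return the entries from a helper's fix list that the later scan still shows."""
    after = {key(e) for e in parse_entries(after_text)}
    return [e for e in parse_entries(fix_list_text) if key(e) in after]


# Sample input, abridged from the first log in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\System32\swwhost.exe

R0 - HKCU\Software\Microsoft\Interne t Explorer\Main,Local Page = about:blank
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B20 6D897A} -
C:\WINDOWS\System32\porynt.dll
O4 - HKLM\..\RunServices: [MSN] exe.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32. exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
\NVMCTRAY.DLL,NvTaskbarInit
"""

# Sample input, abridged from the log saved at 18:29:32 on 2005-02-06.
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.
exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
"""

# Sample input, abridged from a quoted fix list in one of the replies.
FIX_LIST = r"""
      > O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B20 6D897A} -
      > C:\WINDOWS\System32\porynt.dll

      > O4 - HKLM\..\RunServices: [MSN] exe.exe
      > O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.
      exe

      Paste a new log.
"""

if __name__ == "__main__":
    removed, added = compare(BEFORE, AFTER)
    print("Removed since first scan:", *removed, sep="\n  ")
    print("New since first scan:", *added, sep="\n  ")
    print("Fix-list entries still present:", *still_present(FIX_LIST, AFTER), sep="\n  ")
```

On the abridged samples this reports the `porynt.dll` BHO and the `[MSN]` autorun as removed and the `spoolsrv32.exe` RunOnce entry as still present, matching what the thread found in the 2005-02-06 log.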