Please check my log :)

IP: *.sistbg.net / *.sistbg.net 13.02.05, 13:43
Logfile of HijackThis v1.98.2
Scan saved at 13:32:37, on 2005-02-13
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\WINDOWS\System32\systime.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\a\Moje dokumenty\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\systime.exe
C:\Program Files\22M WLAN Adapter\WLANMON.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\nmstt.exe
C:\WINDOWS\nmstt.exe
C:\Program Files\AVPersonal\AVWIN.EXE
C:\Documents and Settings\a\Moje dokumenty\hijackthis1982.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
file)
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no
file)
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} -
C:\Program Files\SurfSideKick 2\SskBho.dll
O1 - Hosts: 127.0.0.3 www.greg-tut.com
O1 - Hosts: 127.0.0.3 nylonsexy.com
O1 - Hosts: 127.0.0.3 www.nylonsexy.com
O1 - Hosts: 127.0.0.3 vparivalka.com
O1 - Hosts: 127.0.0.3 www.vparivalka.comtoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.pi..to.biz
O1 - Hosts: 127.0.0.3 pi..to.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 127.0.0.3 virgin-tgp.net
O1 - Hosts: 127.0.0.3 www.awmcash.biz
O1 - Hosts: 127.0.0.3 awmcash.biz
O1 - Hosts: 127.0.0.3 buldog-stats.com
O1 - Hosts: 127.0.0.3 www.buldog-stats.com
O1 - Hosts: 127.0.0.3 fregat.drocherway.com
O1 - Hosts: 127.0.0.3 slutmania.biz
O1 - Hosts: 127.0.0.3 www.slutmania.biz
O1 - Hosts: 127.0.0.3 toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.megapornix.com
O1 - Hosts: 127.0.0.3 megapornix.com
O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
O1 - Hosts: 127.0.0.3 sp2fucked.biz
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
C:\WINDOWS\nem220.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-
4208340c1f7f} - C:\Program Files\IEMenuExtension\tbextn.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [AVPCC] C:\Program Files\Kaspersky Lab\Kaspersky Anti-
Virus\avpcc.exe /wait
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02
\bin\jusched.exe
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
Optimizer\optimize.exe"
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1
\IEMENU~1\tbextn.dll" DllShowTB
O4 - HKLM\..\Run: [_Cat2] C:\WINDOWS\nmstt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Documents and Settings\a\Moje
dokumenty\Gadu-Gadu\PowerGG.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program
Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - Global Startup: 22M WLAN Adapter.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program
Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program
Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program
Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program
Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\WINDOWS\System32\msjava.dll
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
poczta.wp.pl/autoryzacja/mailcfg.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) -
    • m.gregor Re: Please check my log :) 13.02.05, 13:56
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      > 213.159.117.134/index.php
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      > 213.159.117.134/index.php
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      > 213.159.117.134/index.php
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      > 213.159.117.134/index.php
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      > 213.159.117.134/index.php
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      > 213.159.117.134/index.php
      > R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
      > file)
      > R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no
      > file)
      > R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} -
      > C:\Program Files\SurfSideKick 2\SskBho.dll
      > O1 - Hosts: 127.0.0.3 www.greg-tut.com
      > O1 - Hosts: 127.0.0.3 nylonsexy.com
      > O1 - Hosts: 127.0.0.3 www.nylonsexy.com
      > O1 - Hosts: 127.0.0.3 vparivalka.com
      > O1 - Hosts: 127.0.0.3 www.vparivalka.comtoescrowpay.com
      > O1 - Hosts: 127.0.0.3 www.awmdabest.com
      > O1 - Hosts: 127.0.0.3 www.sexfiles.nu
      > O1 - Hosts: 127.0.0.3 awmdabest.com
      > O1 - Hosts: 127.0.0.3 sexfiles.nu
      > O1 - Hosts: 127.0.0.3 allforadult.com
      > O1 - Hosts: 127.0.0.3 www.allforadult.com
      > O1 - Hosts: 127.0.0.3 www.iframe.biz
      > O1 - Hosts: 127.0.0.3 iframe.biz
      > O1 - Hosts: 127.0.0.3 www.newiframe.biz
      > O1 - Hosts: 127.0.0.3 newiframe.biz
      > O1 - Hosts: 127.0.0.3 www.vesbiz.biz
      > O1 - Hosts: 127.0.0.3 vesbiz.biz
      > O1 - Hosts: 127.0.0.3 www.pi..to.biz
      > O1 - Hosts: 127.0.0.3 pi..to.biz
      > O1 - Hosts: 127.0.0.3 www.aaasexypics.com
      > O1 - Hosts: 127.0.0.3 aaasexypics.com
      > O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
      > O1 - Hosts: 127.0.0.3 virgin-tgp.net
      > O1 - Hosts: 127.0.0.3 www.awmcash.biz
      > O1 - Hosts: 127.0.0.3 awmcash.biz
      > O1 - Hosts: 127.0.0.3 buldog-stats.com
      > O1 - Hosts: 127.0.0.3 www.buldog-stats.com
      > O1 - Hosts: 127.0.0.3 fregat.drocherway.com
      > O1 - Hosts: 127.0.0.3 slutmania.biz
      > O1 - Hosts: 127.0.0.3 www.slutmania.biz
      > O1 - Hosts: 127.0.0.3 toolbarpartner.com
      > O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
      > O1 - Hosts: 127.0.0.3 www.megapornix.com
      > O1 - Hosts: 127.0.0.3 megapornix.com
      > O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
      > O1 - Hosts: 127.0.0.3 sp2fucked.biz
      > O1 - Hosts: 69.20.16.183 auto.search.msn.com
      > O1 - Hosts: 69.20.16.183 search.netscape.com
      > O1 - Hosts: 69.20.16.183 ieautosearch
      > O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
      > C:\WINDOWS\nem220.dll
      > O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-
      > 4208340c1f7f} - C:\Program Files\IEMenuExtension\tbextn.dll
      > O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
      > O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
      > Optimizer\optimize.exe"
      > O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
      > O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1
      > \IEMENU~1\tbextn.dll" DllShowTB
      > O4 - HKLM\..\Run: [_Cat2] C:\WINDOWS\nmstt.exe
      > O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
      > O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
      > O15 - Trusted Zone: *.blazefind.com
      > O15 - Trusted Zone: *.clickspring.net
      > O15 - Trusted Zone: *.flingstone.com
      > O15 - Trusted Zone: *.iframedollars.biz
      > O15 - Trusted Zone: *.mt-download.com
      > O15 - Trusted Zone: *.my-internet.info
      > O15 - Trusted Zone: *.searchbarcash.com
      > O15 - Trusted Zone: *.searchmiracle.com
      > O15 - Trusted Zone: *.skoobidoo.com
      > O15 - Trusted Zone: *.slotch.com
      > O15 - Trusted Zone: *.slotchbar.com
      > O15 - Trusted Zone: *.windupdates.com
      > O15 - Trusted Zone: *.xxxtoolbar.com
      > O15 - Trusted Zone: *.ysbweb.com

      And then:
      1.) www.windowsupdate.com <- Service Pack 2 or at least the critical
      patches (ALL THE CRITICAL ONES!!!!)
      2.) A new browser (FireFox, Mozilla, Opera)
      3.) Download the new HiJackThis and paste the log

      Links:
      forum.gazeta.pl/forum/72,2.html?f=34&w=15679891&a=19472430 + the following
      posts, because they contain errata for expired links and newer versions of the programs.
      HiJackThis: spywareinfo.globalservers.com/~merijn/files/HijackThis.exe