Please check my log

13.02.05, 14:31
Logfile of HijackThis v1.99.0
Scan saved at 14:19:28, on 2005-02-13
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atievxx.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\systime.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\nmmst.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\systime.exe
C:\Documents and Settings\olek\Dane aplikacji\aomo.exe
C:\WINDOWS\System32\j?vaw.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WebSiteViewer\10034880temp.exe
C:\Program Files\WebSiteViewer\124847.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\olek\USTAWI~1\Temp\Temporary Internet Files\Content.IE5\R2QPYDM3
\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
file)
O1 - Hosts: 127.0.0.3 www.greg-tut.com
O1 - Hosts: 127.0.0.3 nylonsexy.com
O1 - Hosts: 127.0.0.3 www.nylonsexy.com
O1 - Hosts: 127.0.0.3 vparivalka.com
O1 - Hosts: 127.0.0.3 www.vparivalka.comtoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.pi..to.biz
O1 - Hosts: 127.0.0.3 pi..to.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 127.0.0.3 virgin-tgp.net
O1 - Hosts: 127.0.0.3 www.awmcash.biz
O1 - Hosts: 127.0.0.3 awmcash.biz
O1 - Hosts: 127.0.0.3 buldog-stats.com
O1 - Hosts: 127.0.0.3 www.buldog-stats.com
O1 - Hosts: 127.0.0.3 fregat.drocherway.com
O1 - Hosts: 127.0.0.3 slutmania.biz
O1 - Hosts: 127.0.0.3 www.slutmania.biz
O1 - Hosts: 127.0.0.3 toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.megapornix.com
O1 - Hosts: 127.0.0.3 megapornix.com
O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
O1 - Hosts: 127.0.0.3 sp2fucked.biz
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-
4208340c1f7f} - C:\Program Files\IEMenuExtension\tbextn.dll
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
Optimizer\optimize.exe"
O4 - HKLM\..\Run: [_Cat1] C:\WINDOWS\nmmst.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKCU\..\Run: [Eecc] C:\Documents and Settings\olek\Dane
aplikacji\aomo.exe
O4 - HKCU\..\Run: [Egqjgo] C:\WINDOWS\System32\j?vaw.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5
\NkvMon.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O12 - Plugin for .mp3: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} -
C:\WINDOWS\System32\porynt.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} -
C:\WINDOWS\System32\porynt.dll
O23 - Service: PCTEL Speaker Phone - PCtel, Inc. - C:\WINDOWS\system32
\pctspk.exe

Thanks.
    • cnjry Re: Please check my log 13.02.05, 14:38
      Interesting sites you've been looking at, olek
      Install SP2 + the standard cleaning programs + antivirus + firewall
      • m.gregor Re: Please check my log 13.02.05, 16:00
        And what? Are those steps supposed to remove this crap? Ehhh....
    • m.gregor Re: Please check my log 13.02.05, 16:06
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      > 213.159.117.134/index.php
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      > 213.159.117.134/index.php
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      > 213.159.117.134/index.php
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      > 213.159.117.134/index.php
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      > 213.159.117.134/index.php
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      > 213.159.117.134/index.php
      > R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
      > file)
      > O1 - Hosts: 127.0.0.3 www.greg-tut.com
      > O1 - Hosts: 127.0.0.3 nylonsexy.com
      > O1 - Hosts: 127.0.0.3 www.nylonsexy.com
      > O1 - Hosts: 127.0.0.3 vparivalka.com
      > O1 - Hosts: 127.0.0.3 www.vparivalka.comtoescrowpay.com
      > O1 - Hosts: 127.0.0.3 www.awmdabest.com
      > O1 - Hosts: 127.0.0.3 www.sexfiles.nu
      > O1 - Hosts: 127.0.0.3 awmdabest.com
      > O1 - Hosts: 127.0.0.3 sexfiles.nu
      > O1 - Hosts: 127.0.0.3 allforadult.com
      > O1 - Hosts: 127.0.0.3 www.allforadult.com
      > O1 - Hosts: 127.0.0.3 www.iframe.biz
      > O1 - Hosts: 127.0.0.3 iframe.biz
      > O1 - Hosts: 127.0.0.3 www.newiframe.biz
      > O1 - Hosts: 127.0.0.3 newiframe.biz
      > O1 - Hosts: 127.0.0.3 www.vesbiz.biz
      > O1 - Hosts: 127.0.0.3 vesbiz.biz
      > O1 - Hosts: 127.0.0.3 www.pi..to.biz
      > O1 - Hosts: 127.0.0.3 pi..to.biz
      > O1 - Hosts: 127.0.0.3 www.aaasexypics.com
      > O1 - Hosts: 127.0.0.3 aaasexypics.com
      > O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
      > O1 - Hosts: 127.0.0.3 virgin-tgp.net
      > O1 - Hosts: 127.0.0.3 www.awmcash.biz
      > O1 - Hosts: 127.0.0.3 awmcash.biz
      > O1 - Hosts: 127.0.0.3 buldog-stats.com
      > O1 - Hosts: 127.0.0.3 www.buldog-stats.com
      > O1 - Hosts: 127.0.0.3 fregat.drocherway.com
      > O1 - Hosts: 127.0.0.3 slutmania.biz
      > O1 - Hosts: 127.0.0.3 www.slutmania.biz
      > O1 - Hosts: 127.0.0.3 toolbarpartner.com
      > O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
      > O1 - Hosts: 127.0.0.3 www.megapornix.com
      > O1 - Hosts: 127.0.0.3 megapornix.com
      > O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
      > O1 - Hosts: 127.0.0.3 sp2fucked.biz
      > O1 - Hosts: 69.20.16.183 auto.search.msn.com
      > O1 - Hosts: 69.20.16.183 search.netscape.com
      > O1 - Hosts: 69.20.16.183 ieautosearch
      > O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-
      > 4208340c1f7f} - C:\Program Files\IEMenuExtension\tbextn.dll
      > O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
      > O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
      > Optimizer\optimize.exe"
      > O4 - HKLM\..\Run: [_Cat1] C:\WINDOWS\nmmst.exe
      > O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
      > O4 - HKCU\..\Run: [Eecc] C:\Documents and Settings\olek\Dane
      > aplikacji\aomo.exe
      > O4 - HKCU\..\Run: [Egqjgo] C:\WINDOWS\System32\j?vaw.exe
      > O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
      > O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
      > O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
      > O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
      > O15 - Trusted IP range: 213.159.117.202 (HKLM)
      > O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} -
      > C:\WINDOWS\System32\porynt.dll
      > O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} -
      > C:\WINDOWS\System32\porynt.dll

      All of this goes. Also uninstall WebSiteViewer via Add/Remove Programs.
      Paste a new log, and then:
      forum.gazeta.pl/forum/72,2.html?f=34&w=15679891&a=19472430 + the following
      posts, which contain errata for the non-working links and newer versions of the programs.