Prosze o prawdzenie loga

IP: *.neoplus.adsl.tpnet.pl 22.04.05, 00:47
Logfile of HijackThis v1.99.0
Scan saved at 00:46:07, on 2005-04-22
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svhost.exe
c:\windows\system32\rmppsrj.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\SEC\Magic Tune 2.5\GammaTray.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\dwwin.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\Documents and Settings\Właściciel\Pulpit\Nowy folder\hijack\HijackThis1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.joemonster.org/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F3 - REG:win.ini: run=C:\WINDOWS\System32\svhost.exe
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} -
C:\WINDOWS\SYSTEM\Loader.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} -
C:\WINDOWS\Bolger.dll
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} -
c:\windows\system\BHOmod.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} -
C:\WINDOWS\System32\nsl43.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MailScanner] C:\Program Files\MKS\Bin\mks_mail.exe
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kydhl] C:\WINDOWS\System32\lzbbpgkbbqqxp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [System backup] C:\WINDOWS\System32\fa58720d.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SAHBundle]
C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\BundleLite_westfrontier1001.exe run
O4 - HKLM\..\Run: [aatfgiq] c:\windows\system32\rmppsrj.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [System backup] C:\WINDOWS\System32\fa58720d.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O16 - DPF: {3A77DD5E-93A1-2842-54F1-59680F03B351} -
67.19.178.86/1/rdgPL1742.exe
O16 - DPF: {3BDF667F-7169-330A-9288-744D652533CD} -
67.19.178.86/1/rdgPL1742.exe
O16 - DPF: {45AAFBDC-437A-1F1A-BD83-3E552AFFF925} -
67.19.178.86/1/rdgPL1742.exe
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - (no file)
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - (no file)
O23 - Service: LexBce Server - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program
Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor - Unknown - C:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown - C:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service - Unknown - C:\WINDOWS\svcproc.exe

    • Gość: Kolobos Re: Prosze o prawdzenie loga IP: *.warszawa.sdi.tpnet.pl 22.04.05, 00:59
      Zaznacz w hijackthis te wpisy:

      F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
      F3 - REG:win.ini: run=C:\WINDOWS\System32\svhost.exe
      O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} -
      C:\WINDOWS\SYSTEM\Loader.dll
      O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} -
      C:\WINDOWS\Bolger.dll
      O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} -
      c:\windows\system\BHOmod.dll
      O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} -
      C:\WINDOWS\System32\nsl43.dll
      O4 - HKLM\..\Run: [Kydhl] C:\WINDOWS\System32\lzbbpgkbbqqxp.exe
      O4 - HKLM\..\Run: [System backup] C:\WINDOWS\System32\fa58720d.exe
      O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
      O4 - HKLM\..\Run: [SAHBundle]
      C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\BundleLite_westfrontier1001.exe run
      O4 - HKLM\..\Run: [aatfgiq] c:\windows\system32\rmppsrj.exe
      O4 - HKCU\..\Run: [System backup] C:\WINDOWS\System32\fa58720d.exe
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links -
      {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
      file)
      O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
      O16 - DPF: {3A77DD5E-93A1-2842-54F1-59680F03B351} -
      67.19.178.86/1/rdgPL1742.exe
      O16 - DPF: {3BDF667F-7169-330A-9288-744D652533CD} -
      67.19.178.86/1/rdgPL1742.exe
      O16 - DPF: {45AAFBDC-437A-1F1A-BD83-3E552AFFF925} -
      67.19.178.86/1/rdgPL1742.exe
      O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - (no file)
      O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - (no file)
      O23 - Service: System Startup Service - Unknown - C:\WINDOWS\svcproc.exe

      I Fix Checked, nastepnie reset i usun te pliki:
      C:\WINDOWS\isrvs\ <- caly katalog
      C:\WINDOWS\svcproc.exe
      C:\WINDOWS\System32\fa58720d.exe
      C:\WINDOWS\System32\svhost.exe
      C:\WINDOWS\SYSTEM\Loader.dll
      C:\WINDOWS\Bolger.dll
      c:\windows\system\BHOmod.dll
      C:\WINDOWS\System32\nsl43.dll
      C:\WINDOWS\System32\lzbbpgkbbqqxp.exe
      C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\BundleLite_westfrontier1001.exe
      c:\windows\system32\rmppsrj.exe

      Jakby cos nie chcialo sie usunc to w hijackthis wybierz misc tools i tam delete
      file on reboot i wklej sciezki do plikow, ktore nie chca sie skasowac (po
      jednej i ok) jak juz dodasz wszystkie to reset i wklej nowy log z hijackthis.
      • Gość: ak Re: Prosze o prawdzenie loga IP: *.neoplus.adsl.tpnet.pl 22.04.05, 21:02
        Logfile of HijackThis v1.99.0
        Scan saved at 21:02:12, on 2005-04-22
        Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.exe
        C:\WINDOWS\system32\LEXBCES.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\LEXPPS.EXE
        C:\WINDOWS\System32\dwwin.exe
        C:\Program Files\MKS\Bin\mks_mail.exe
        C:\Program Files\MKS\Bin\mks_menu.exe
        C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\WINDOWS\System32\RUNDLL32.EXE
        C:\Program Files\SEC\Magic Tune 2.5\GammaTray.exe
        C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
        c:\windows\system32\ccxhxr.exe
        C:\Program Files\MKS\Bin\mksmonsv.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\Program Files\MKS\Bin\mks_scan.exe
        C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
        C:\Documents and Settings\Właściciel\Pulpit\Nowy folder\hijack\HijackThis1.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.joemonster.org/
        F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
        O2 - BHO: (no name) - {302A3240-4805-4a34-97D7-1645A0B08410} - (no file)
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [MailScanner] C:\Program Files\MKS\Bin\mks_mail.exe
        O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
        Files\Java\jre1.5.0_02\bin\jusched.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [skxbfs] c:\windows\system32\ccxhxr.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
        O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
        C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
        O4 - Global Startup: Color Calibration.lnk = ?
        O4 - Global Startup: NaturalColorLoad.lnk = ?
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console -
        {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
        Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
        O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
        O23 - Service: LexBce Server - Lexmark International, Inc. -
        C:\WINDOWS\system32\LEXBCES.EXE
        O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program
        Files\MKS\bin\MkSUpdateInt.exe
        O23 - Service: MkS_Vir Monitor - Unknown - C:\Program Files\MKS\Bin\mksmonsv.exe
        O23 - Service: MkS_Scan - Unknown - C:\Program Files\MKS\Bin\mks_scan.exe
        O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation -
        C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: System Startup Service - Unknown - c:\windows\SvcProc.exe

        • Gość: Kolobos Re: Prosze o prawdzenie loga IP: *.warszawa.sdi.tpnet.pl 22.04.05, 21:13
          Zaznacz to:
          F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
          O2 - BHO: (no name) - {302A3240-4805-4a34-97D7-1645A0B08410} - (no file)
          O4 - HKLM\..\Run: [skxbfs] c:\windows\system32\ccxhxr.exe
          O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
          O23 - Service: System Startup Service - Unknown - c:\windows\SvcProc.exe

          Fix Checked pozniej usun te pliki:

          c:\windows\SvcProc.exe
          c:\windows\system32\ccxhxr.exe
          C:\WINDOWS\Nail.exe

          Jakby te pliki nie chcialy sie usunac to:
          www.downloads.subratam.org/KillBox.zip
          Rozpakuj, zaznacz Delete file on reboot wklej sciezke do pliku (nie szukaj
          tylko wklejaj gotowa) i naciskaj czerwony przycik ale na pytanie o reset
          odpowiadaj nie i tak zrob z plikami, ktore nie chca sie usunac.

          Po resecie wklej nowy log.
          • Gość: ak Re: Prosze o prawdzenie loga IP: *.neoplus.adsl.tpnet.pl 22.04.05, 21:37
            Logfile of HijackThis v1.99.0
            Scan saved at 21:36:46, on 2005-04-22
            Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\Explorer.exe
            C:\WINDOWS\system32\LEXBCES.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\system32\LEXPPS.EXE
            C:\Program Files\MKS\Bin\mks_mail.exe
            C:\WINDOWS\System32\dwwin.exe
            C:\Program Files\MKS\Bin\mks_menu.exe
            C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
            C:\WINDOWS\SOUNDMAN.EXE
            C:\Program Files\Messenger\msmsgs.exe
            c:\windows\system32\wciywq.exe
            C:\Program Files\Gadu-Gadu\gg.exe
            C:\WINDOWS\System32\RUNDLL32.EXE
            C:\Program Files\SEC\Magic Tune 2.5\GammaTray.exe
            C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
            C:\Program Files\MKS\Bin\mksmonsv.exe
            C:\WINDOWS\System32\nvsvc32.exe
            C:\Program Files\MKS\Bin\mks_scan.exe
            C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
            C:\Documents and Settings\Właściciel\Pulpit\Nowy folder\hijack\HijackThis1.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            www.joemonster.org/
            F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINDOWS\System32\msdxm.ocx
            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [MailScanner] C:\Program Files\MKS\Bin\mks_mail.exe
            O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
            Files\Java\jre1.5.0_02\bin\jusched.exe
            O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [zgzaix] c:\windows\system32\wciywq.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
            O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
            C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
            O4 - Global Startup: Color Calibration.lnk = ?
            O4 - Global Startup: NaturalColorLoad.lnk = ?
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
            C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console -
            {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
            Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
            O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
            O23 - Service: LexBce Server - Lexmark International, Inc. -
            C:\WINDOWS\system32\LEXBCES.EXE
            O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program
            Files\MKS\bin\MkSUpdateInt.exe
            O23 - Service: MkS_Vir Monitor - Unknown - C:\Program Files\MKS\Bin\mksmonsv.exe
            O23 - Service: MkS_Scan - Unknown - C:\Program Files\MKS\Bin\mks_scan.exe
            O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation -
            C:\WINDOWS\System32\nvsvc32.exe

            • Gość: Kolobos Re: Prosze o prawdzenie loga IP: *.warszawa.sdi.tpnet.pl 22.04.05, 23:45
              Wyglada to jeszcze gorzej, usunales C:\WINDOWS\Nail.exe ?

              Wklej moze log z:
              www.silentrunners.org/Silent%20Runners.vbs
              Uruchom go w trybie awaryjnym.

Pełna wersja