spyware, hijack, log

IP: *.acn.waw.pl 05.04.06, 20:31
Hello,
I'm posting the log below; please check it.
Thank you and regards

Logfile of HijackThis v1.99.1
Scan saved at 20:28:50, on 2006-04-05
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\RunDll32.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
D:\Program Files\Spyware Nuker\swnxt.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\System32\umwuxgrlm.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
D:\Program Files\OpenOffice.org 2.0\program\soffice.exe
D:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
D:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
D:\Program Files\Netropa\Onscreen Display\OSD.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\cmd.exe
D:\Program Files\Tlen.pl\tlen.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Michał\Pulpit\hijackthis\hijackthis.exe
D:\WINDOWS\finderd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.gazeta.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} -
D:\WINDOWS\System32\pmnlm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06
\bin\jusched.exe
O4 - HKLM\..\Run: [LWBMOUSE] D:\Program Files\Browser Mouse\Browser Mouse\1.0
\lwbwheel.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] D:\Program Files\Netropa\Multimedia
Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [KAV50] "d:\Program Files\Kaspersky Lab\Kaspersky Anti-
Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [SWN2] D:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DR service] umwuxgrlm.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Realtek Sound Manager] evkfwgc.exe
O4 - HKLM\..\RunServices: [Microsoft winfreez] winfreezx.exe
O4 - HKLM\..\RunServices: [Windrive service] ezfqeeqtzrur.exe
O4 - HKLM\..\RunServices: [DR service] umwuxgrlm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Program
Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PopUpStopperProfessional] "D:\PROGRA~1\PANICW~1\POP-UP~1
\PopUpStopperProfessional.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = D:\Program Files\OpenOffice.org 2.0
\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
www.mks.com.pl/skaner/SkanerOnline.cab
O20 - Winlogon Notify: Nls - D:\WINDOWS\system32\i442leho1h4c.dll
O20 - Winlogon Notify: pmnlm - D:\WINDOWS\System32\pmnlm.dll
O20 - Winlogon Notify: ssttq - ssttq.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab -
d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: mansorr here (mans0r) - Unknown owner - D:\WINDOWS\finderd.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - D:\Program
Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Win32Sr - Unknown owner - D:\WINDOWS\win32ssr.exe (file
missing)

    • Guest: k Re: spyware, hijack, log IP: *.warszawa.sdi.tpnet.pl 05.04.06, 20:43
      In Task Manager, end:
      D:\Program Files\Spyware Nuker\swnxt.exe
      D:\WINDOWS\System32\umwuxgrlm.exe

      In HijackThis:
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} -
      D:\WINDOWS\System32\pmnlm.dll
      O4 - HKLM\..\Run: [SWN2] D:\Program Files\Spyware Nuker\swnxt.exe /h <-
      uninstall.
      O4 - HKLM\..\Run: [DR service] umwuxgrlm.exe
      O4 - HKLM\..\RunServices: [Realtek Sound Manager] evkfwgc.exe
      O4 - HKLM\..\RunServices: [Microsoft winfreez] winfreezx.exe
      O4 - HKLM\..\RunServices: [Windrive service] ezfqeeqtzrur.exe
      O4 - HKLM\..\RunServices: [DR service] umwuxgrlm.exe
      O20 - Winlogon Notify: Nls - D:\WINDOWS\system32\i442leho1h4c.dll
      O20 - Winlogon Notify: pmnlm - D:\WINDOWS\System32\pmnlm.dll
      O20 - Winlogon Notify: ssttq - ssttq.dll (file missing)
      Delete all of the listed files from the disk.

      Services to delete:
      O23 - Service: mansorr here (mans0r) - Unknown owner - D:\WINDOWS\finderd.exe <-
      delete the file.
      O23 - Service: Win32Sr - Unknown owner - D:\WINDOWS\win32ssr.exe (file
      missing)

      Removing services is described here, plus look2me removal and an ewido scan:
      forum.gazeta.pl/forum/72,2.html?f=430&w=38051058
      When you're done, paste a new log.
      • Guest: green-tea Re: spyware, hijack, log IP: *.acn.waw.pl 05.04.06, 21:08
        Logfile of HijackThis v1.99.1
        Scan saved at 21:07:38, on 2006-04-05
        Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        D:\WINDOWS\System32\smss.exe
        D:\WINDOWS\system32\winlogon.exe
        D:\WINDOWS\system32\services.exe
        D:\WINDOWS\system32\lsass.exe
        D:\WINDOWS\system32\svchost.exe
        D:\WINDOWS\System32\svchost.exe
        D:\WINDOWS\system32\rundll32.exe
        D:\WINDOWS\system32\spoolsv.exe
        D:\WINDOWS\System32\RunDll32.exe
        D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
        D:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
        D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
        D:\Program Files\Common Files\Real\Update_OB\realsched.exe
        D:\WINDOWS\System32\ctfmon.exe
        D:\Program Files\Skype\Phone\Skype.exe
        D:\Program Files\Messenger\msmsgs.exe
        D:\Program Files\OpenOffice.org 2.0\program\soffice.exe
        D:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
        D:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
        D:\Program Files\Netropa\Onscreen Display\OSD.exe
        D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
        D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        D:\WINDOWS\System32\svchost.exe
        D:\Program Files\Tlen.pl\tlen.exe
        D:\WINDOWS\system32\cmd.exe
        D:\Program Files\Mozilla Firefox\firefox.exe
        D:\WINDOWS\system32\rundll32.exe
        D:\WINDOWS\explorer.exe
        D:\Documents and Settings\Michał\Pulpit\hijackthis\hijackthis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        v4.windowsupdate.microsoft.com/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} -
        D:\WINDOWS\System32\pmnlm.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        D:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
        O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program
        Files\Java\jre1.5.0_06\bin\jusched.exe
        O4 - HKLM\..\Run: [LWBMOUSE] D:\Program Files\Browser Mouse\Browser
        Mouse\1.0\lwbwheel.exe
        O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] D:\Program Files\Netropa\Multimedia
        Keyboard\MMKeybd.exe
        O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common
        Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash
        /minimized
        O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
        O4 - Startup: OpenOffice.org 2.0.lnk = D:\Program Files\OpenOffice.org
        2.0\program\quickstart.exe
        O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common
        Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program
        Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console -
        {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program
        Files\Java\jre1.5.0_06\bin\ssv.dll
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        www.mks.com.pl/skaner/SkanerOnline.cab
        O20 - Winlogon Notify: pmnlm - D:\WINDOWS\System32\pmnlm.dll
        O20 - Winlogon Notify: WindowsUpdate - D:\WINDOWS\system32\aza6l5ds1.dll
        O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
        D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
        D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        O23 - Service: mansorr here (mans0r) - Unknown owner - D:\WINDOWS\finderd.exe
        O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - D:\Program
        Files\Netropa\Multimedia Keyboard\nhksrv.exe

        • Guest: k Re: spyware, hijack, log IP: *.warszawa.sdi.tpnet.pl 05.04.06, 21:31
          What's left:
          O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} -
          D:\WINDOWS\System32\pmnlm.dll
          O20 - Winlogon Notify: pmnlm - D:\WINDOWS\System32\pmnlm.dll <- delete the file
          O20 - Winlogon Notify: WindowsUpdate - D:\WINDOWS\system32\aza6l5ds1.dll <-
          you still have look2me
          O23 - Service: mansorr here (mans0r) - Unknown owner - D:\WINDOWS\finderd.exe
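
The before/after comparison that the last reply makes by eye, as an added example that is not part of the thread. It rejoins the forum-wrapped lines into whole HijackThis entries and reports which entries were removed, which persisted and which appeared between two scans. The function names are this example's own, and the two sample logs are constructed excerpts of the logs posted above.

```python
import re

# An entry starts with a HijackThis section code such as "R0 - ", "O4 - ", "O23 - ".
ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")

def normalize(entry):
    """Comparison key: drop a helper's '<- note', all whitespace, and case."""
    return re.sub(r"\s+", "", entry.split("<-")[0]).lower()

def parse_entries(log_text):
    """Rejoin forum-wrapped lines into whole entries; return {key: entry}."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:
            # Continuation line: a wrap just before a backslash had no space.
            entries[-1] += ("" if line.startswith("\\") else " ") + line
    return {normalize(e): e for e in entries}

def diff_logs(before_text, after_text):
    """Return (removed, persisted, appeared) entry lists between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = [e for k, e in before.items() if k not in after]
    persisted = [e for k, e in after.items() if k in before]
    appeared = [e for k, e in after.items() if k not in before]
    return removed, persisted, appeared

# Constructed excerpts of the two logs in this thread, wrapped as posted.
BEFORE = r"""O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} -
D:\WINDOWS\System32\pmnlm.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06
\bin\jusched.exe
O4 - HKLM\..\Run: [DR service] umwuxgrlm.exe
O20 - Winlogon Notify: Nls - D:\WINDOWS\system32\i442leho1h4c.dll
O20 - Winlogon Notify: pmnlm - D:\WINDOWS\System32\pmnlm.dll
O23 - Service: mansorr here (mans0r) - Unknown owner - D:\WINDOWS\finderd.exe"""
AFTER = r"""O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} -
D:\WINDOWS\System32\pmnlm.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O20 - Winlogon Notify: pmnlm - D:\WINDOWS\System32\pmnlm.dll
O20 - Winlogon Notify: WindowsUpdate - D:\WINDOWS\system32\aza6l5ds1.dll
O23 - Service: mansorr here (mans0r) - Unknown owner - D:\WINDOWS\finderd.exe"""

if __name__ == "__main__":
    for label, group in zip(("removed", "persisted", "appeared"), diff_logs(BEFORE, AFTER)):
        print(label, *group, sep="\n  ")
```

Entries that persisted or appeared are the ones left to review; an entry that only changed where the forum wrapped it compares as unchanged.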
