Guest: k Re: please check my log IP: *.warszawa.sdi.tpnet.pl 30.05.06, 18:08

Get rid of the Neostrada applications.

End these processes:
C:\WINNT\SYSTEM32\ponoas.exe
C:\Program Files\AdwareSafe\adwaresafe.exe
C:\WINNT\system32\ipcscan.exe
C:\WINNT\system32\ipcscan.exe
C:\WINNT\SYSTEM32\MUI\DISPSPEC\0401\service.exe

In HJT, remove:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IEHelperObject - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINNT\Downloaded Program Files\avicodec.ocx <- delete the file
O4 - HKLM\..\Run: [Sxcasdwqas] C:\WINNT\SYSTEM32\notyester.exe <- delete the file from disk.
O4 - HKLM\..\Run: [notlate] bexrer.exe
O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\Program Files\Trojancheck 6 \tcguard.exe <- delete the trojan.. directory from disk.
O4 - HKLM\..\Run: [sys33] Sys33.exe
O4 - HKLM\..\Run: [Evawwffe] C:\WINNT\SYSTEM32\ponoas.exe <- delete the file.
O4 - HKLM\..\Run: [system332] C:\WINNT\SYSTEM32\MUI\DISPSPEC\0401 \hidden32.exe C:\WINNT\SYSTEM32\MUI\DISPSPEC\0401\service.exe
O4 - HKLM\..\Run: [Ms Network Services] swchost.exe
O4 - HKLM\..\RunServices: [notlate] bexrer.exe
O4 - HKLM\..\RunServices: [sys33] Sys33.exe <- delete from disk.
O4 - HKLM\..\RunServices: [Ms Network Services] swchost.exe
O4 - HKCU\..\Run: [notlate] bexrer.exe <- delete the file from disk.
O4 - HKCU\..\Run: [Ms Network Services] swchost.exe <- delete the file from disk.
O4 - Global Startup: AdwareSafe Background Protection.lnk = C:\Program Files\AdwareSafe\adwaresafe.exe <- delete the AdwareSafe directory.
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - www.20x2p.com/20b637ed/enter.cab

Paste the missing part, starting from:
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) -

Also run a scan with ewido right away.

renatap28 Re: requesting additional information about the log 30.05.06, 21:48

Thank you. Please also tell me what I should paste and how to do it; I have already done the rest.

> Paste the missing part, starting from:
> O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) -

Thanks in advance.

Guest: k Re: requesting additional information about the log IP: *.warszawa.sdi.tpnet.pl 30.05.06, 21:59

The log didn't fit; you need to paste the part that got cut off.

renatap28 requesting additional information about the log 30.05.06, 23:18

Thanks, I'm pasting the end of the log now:

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147025926390
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - www.o2c.de/download/o2cplayer.cab
O16 - DPF: {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} (IEHelperObject) - eroscop.pl/avicodec.ocx
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8968BE93-F2F5-4A38-A924-EEF1D7D74794}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe (file missing)
O23 - Service: FireDaemon Service: MSVC9 (MSVC9) - Unknown owner - C:\WINNT\system32\microsoft\user\FireDaemon.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: FireDaemon Service: QOS (QOS) - Unknown owner - C:\WINNT\system32 \microsoft\user\FireDaemon.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Universal Plug and Play Device Configuration (UPnP Configuration) - Unknown owner - C:\WINNT\System32\upnp.exe (file missing)
O23 - Service: Network Security Service (NSS) (Ź%AF夶Ŕ¨) - Unknown owner - C:\WINNT\sdkbl32.exe (file missing)

Guest: k Re: requesting additional information about the log IP: *.warszawa.sdi.tpnet.pl 30.05.06, 23:57

To delete in HJT:
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - www.o2c.de/download/o2cplayer.cab
O16 - DPF: {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} (IEHelperObject) - eroscop.pl/avicodec.ocx

Services to delete:
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe (file missing)
O23 - Service: FireDaemon Service: MSVC9 (MSVC9) - Unknown owner - C:\WINNT\system32\microsoft\user\FireDaemon.EXE
O23 - Service: FireDaemon Service: QOS (QOS) - Unknown owner - C:\WINNT\system32 \microsoft\user\FireDaemon.EXE
O23 - Service: Universal Plug and Play Device Configuration (UPnP Configuration) - Unknown owner - C:\WINNT\System32\upnp.exe (file missing)
O23 - Service: Network Security Service (NSS) (Ź%AF夶Ŕ¨) - Unknown owner - C:\WINNT\sdkbl32.exe (file missing)

renatap28 Re: requesting additional information about the log 05.06.06, 19:46

Hello, thank you for all the information, and please check my log once more; I have removed everything that was listed. The computer still often slows down, though. I scan every day with Ad-Aware, avast and ewido, and they keep finding something, 5-10 items each time.

Logfile of HijackThis v1.99.1
Scan saved at 19:31:24, on 2006-06-05
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\SYSTEM32\efagrr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINNT\system32\swchost.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\swchost.exe
C:\WINNT\SYSTEM32\DRIVERS\ETC\CONFIG\rEGiT.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\WINNT\twain_32\A4CIS\WATCH.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Panuś\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E- 00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32 \NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINNT\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04 \bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EEfavehtb] C:\WINNT\SYSTEM32\efagrr.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett- Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [system332] C:\WINNT\SYSTEM32\DRIVERS\ETC\CONFIG\hidden32.exe C:\WINNT\SYSTEM32\DRIVERS\ETC\CONFIG\rEGiT.exe
O4 - HKLM\..\Run: [Ms Network Services] swchost.exe
O4 - HKLM\..\RunServices: [Ms Network Services] swchost.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Komunikator] "C:\Program Files\Tlen.pl\tlen.exe" -- confdir=home
O4 - HKCU\..\Run: [Ms Network Services] swchost.exe
O4 - Startup: Watch.lnk = C:\WINNT\twain_32\A4CIS\WATCH.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5- 00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - poczta.wp.pl/d003/mailcfg.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147025926390
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8968BE93-F2F5-4A38-A924-EEF1D7D74794}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe (file missing)
O23 - Service: FireDaemon Service: MSVC9 (MSVC9) - Unknown owner - C:\WINNT\system32\microsoft\user\FireDaemon.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: FireDaemon Service: QOS (QOS) - Unknown owner - C:\WINNT\system32 \microsoft\user\FireDaemon.EXE (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Universal Plug and Play Device Configuration (UPnP Configuration) - Unknown owner - C:\WINNT\System32\upnp.exe (file missing)
O23 - Service: Network Security Service (NSS) (Ź%AF夶Ŕ¨) - Unknown owner

Guest: k Re: requesting additional information about the log IP: *.warszawa.sdi.tpnet.pl 05.06.06, 22:13

The pinned post explains how to remove services, so instead of pasting a log, start reading and remove the services I listed.

End these processes:
C:\WINNT\SYSTEM32\efagrr.exe
C:\WINNT\system32\swchost.exe
C:\WINNT\system32\swchost.exe
C:\WINNT\SYSTEM32\DRIVERS\ETC\CONFIG\rEGiT.exe

In HJT, remove:
O4 - HKLM\..\Run: [EEfavehtb] C:\WINNT\SYSTEM32\efagrr.exe <- file to delete.
O4 - HKLM\..\Run: [system332] C:\WINNT\SYSTEM32\DRIVERS\ETC\CONFIG\hidden32.exe C:\WINNT\SYSTEM32\DRIVERS\ETC\CONFIG\rEGiT.exe <- and both of these.
O4 - HKLM\..\Run: [Ms Network Services] swchost.exe <- and this one.
O4 - HKLM\..\RunServices: [Ms Network Services] swchost.exe
O4 - HKCU\..\Run: [Ms Network Services] swchost.exe

SERVICES TO DELETE:
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe (file missing)
O23 - Service: FireDaemon Service: MSVC9 (MSVC9) - Unknown owner - C:\WINNT\system32\microsoft\user\FireDaemon.EXE (file missing)
O23 - Service: FireDaemon Service: QOS (QOS) - Unknown owner - C:\WINNT\system32 \microsoft\user\FireDaemon.EXE (file missing)
O23 - Service: Universal Plug and Play Device Configuration (UPnP Configuration) - Unknown owner - C:\WINNT\System32\upnp.exe (file missing)
O23 - Service: Network Security Service (NSS) (Ź%AF夶Ŕ¨) - Unknown owner

Also get rid of the Neostrada applications as described in the FAQ; only paste a log once you have done all of that.

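Added example (not part of the thread, and not HijackThis's own logic): a Python check of whether entries marked for removal in an earlier reply still show up in a follow-up HijackThis log. It matches on each entry's identity rather than the whole line, because the same entry reads differently between posts here (wrap spaces in paths, an appended "(file missing)"); the function names and identity rules are assumptions of this example, and the sample lines are excerpts from the logs in this thread.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d+)\s+-\s+(.*)$")  # e.g. "O4 - ...", "O23 - ..."

def entry_key(line):
    """Reduce one HijackThis line to (section, identity); None for other text.
    The identity rules are this example's assumption."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section = m.group(1)
    rest = re.sub(r"\s*<-.*$", "", m.group(2))  # drop a helper's "<- ..." note
    if section in ("O2", "O16"):                # BHO / ActiveX: the CLSID
        clsid = re.search(r"\{[0-9A-Fa-f\- ]+\}", rest)
        ident = clsid.group(0).replace(" ", "") if clsid else rest
    elif section == "O4":                       # autostart: key + [value name]
        named = re.match(r".*?\]", rest)
        ident = named.group(0) if named else rest.split(" = ")[0]
    elif section == "O23":                      # service: display name
        ident = rest.split(" - ")[0]
    else:
        ident = rest
    return section, ident.lower()

def still_present(removal_list, followup_log):
    """Keys from the removal list that the follow-up log still reports."""
    present = {entry_key(l) for l in followup_log.splitlines()} - {None}
    hits = []
    for line in removal_list.splitlines():
        key = entry_key(line)
        if key in present and key not in hits:
            hits.append(key)
    return hits

# Excerpts from the logs in this thread (not the full logs).
REMOVAL_LIST = r"""
O4 - HKLM\..\Run: [sys33] Sys33.exe
O4 - HKCU\..\Run: [Ms Network Services] swchost.exe <- delete the file from disk.
O16 - DPF: {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} (IEHelperObject) - eroscop.pl/avicodec.ocx
O23 - Service: FireDaemon Service: QOS (QOS) - Unknown owner - C:\WINNT\system32 \microsoft\user\FireDaemon.EXE
"""
FOLLOWUP_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Ms Network Services] swchost.exe
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - www.mks.com.pl/skaner/SkanerOnline.cab
O23 - Service: FireDaemon Service: QOS (QOS) - Unknown owner - C:\WINNT\system32 \microsoft\user\FireDaemon.EXE (file missing)
"""

if __name__ == "__main__":
    for section, ident in still_present(REMOVAL_LIST, FOLLOWUP_LOG):
        print("still registered:", section, ident)
```

An O23 hit whose path now ends in "(file missing)" means the file is gone but the service registration is not, which is the situation the reply above points out.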
renatap28 Re: requesting additional information about the log 05.06.06, 19:49

I am adding the end of the log:

O23 - Service: Network Security Service (NSS) (Ź%AF夶Ŕ¨) - Unknown owner - C:\WINNT\sdkbl32.exe (file missing)