of course, please check the log

06.09.06, 13:30
Right after I go online, several files appear on drive C and AVG reports that there is a virus on C. Scanning with AVG and ewido helps only temporarily: they supposedly clean everything up, but the next time I go online the story repeats.
Please help


Logfile of HijackThis v1.99.1
Scan saved at 13:23:13, on 2006-09-06
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
d:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
d:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
d:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ssmc.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\svcchost.exe
c:\nwnmff_16.exe
c:\dfndrff_16.exe
c:\kybrdff_16.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Documents and Settings\Debecik\Pulpit\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] d:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_16.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_16.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_16.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKCU\..\RunServices: [Microsoft Directxspnew] directxnew.exe
O8 - Extra context menu item: Otwórz w przeglądarce GetRight - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Pobierz za pomocą GetRight - C:\Program Files\GetRight\GRdownload.htm
O9 - Extra button: Total Cleaner - {4A0EF50C-6A4A-4b30-84D8-53D5BC95C043} - C:\Program Files\Total Cleaner\cleaner.exe (HKCU)
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} - arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{70031091-B96C-460F-9648-61D5AD23DA7F}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\mtc40u.dll
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\dnn6015se.dll (file missing)
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\dUd9.dll (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\k0no0a53ed.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\fp8203loe.dll (file missing)
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\vcmdbg.dll (file missing)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\j02q0af5ed2.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - d:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Reader Machine - Unknown owner - C:\WINDOWS\system32\ssmc.exe
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing)

    • kolobos Re: of course, please check the log 06.09.06, 14:16
      Close the ports using wwdc.
      From the pinned post:
      removing look2me
      removing the Neostrada applications

      In Start->Run->Services.msc, disable and stop the Indexing service.

      In Task Manager, end:
      C:\WINDOWS\System32\svcchost.exe
      c:\nwnmff_16.exe
      c:\dfndrff_16.exe
      c:\kybrdff_16.exe
      Delete the files from disk.

      In HJT, remove:
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = searchbar.findthewebsiteyouneed.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = searchbar.findthewebsiteyouneed.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
      R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll <- delete the Deskbar folder from disk.
      O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
      O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
      Delete the files from disk:
      O4 - HKLM\..\Run: [msvcc25] svcchost.exe
      O4 - HKLM\..\Run: [newname] c:\\nwnmff_16.exe
      O4 - HKLM\..\Run: [defender] c:\\dfndrff_16.exe
      O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_16.exe
      O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
      O4 - HKCU\..\RunServices: [Microsoft Directxspnew] directxnew.exe
      O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\mtc40u.dll
      O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\dnn6015se.dll (file missing)
      O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\dUd9.dll (file missing)
      O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\k0no0a53ed.dll (file missing)
      O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\fp8203loe.dll (file missing)
      O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\vcmdbg.dll (file missing)
      O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\j02q0af5ed2.dll (file missing)

      Services to delete; the removal procedure is in the pinned post:
      O23 - Service: Remote Reader Machine - Unknown owner - C:\WINDOWS\system32\ssmc.exe
      O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing)

      Also run a scan with ewido and, once everything is done, paste a new log.
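As an added example, not part of this thread or of HijackThis itself: a small Python triage pass over lines in the HijackThis log format shown above, applying heuristics of my own that mirror what kolobos picked out (autorun entries with a bare filename or an executable in the drive root, orphaned or generated-looking Winlogon Notify DLLs, services with no publisher or a missing binary). The sample log is constructed from a few of the thread's lines; the heuristic names and thresholds are assumptions, not anything from the page.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in HijackThis v1.99.1 line format, modelled on a few lines of the thread's log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] d:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_16.exe
O4 - HKCU\..\RunServices: [Microsoft Directxspnew] directxnew.exe
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\mtc40u.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\vcmdbg.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing)
"""

LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
O4_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[[^\]]*\] (?P<cmd>.+)$")  # "<hive>\..\<key>: [name] command"
# Assumption (my own heuristic): letter/digit mixes such as "k0no0a53ed" are typical of generated names.
RANDOMISH = re.compile(r"[a-z]\d|\d[a-z]", re.I)

def triage(log_text):
    """Return [(kind, reasons, line)] for every entry that trips one of the heuristics."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, body, reasons = m["kind"], m["body"], []
        missing = body.endswith("(file missing)")
        if kind == "O4" and (a := O4_RE.match(body)):
            # First token only: the sample uses 8.3 names, so no spaces inside the path.
            exe = PureWindowsPath(a["cmd"].split()[0].replace("\\\\", "\\"))
            if not exe.anchor:
                reasons.append("bare filename, resolved through the search path at logon")
            elif len(exe.parts) == 2:  # drive anchor + filename, nothing in between
                reasons.append("executable placed directly in the drive root")
        elif kind == "O20":
            dll = PureWindowsPath(body.replace(" (file missing)", "").rsplit(" - ", 1)[-1])
            if missing:
                reasons.append("orphaned Winlogon Notify entry (DLL missing)")
            if RANDOMISH.search(dll.stem):
                reasons.append("Winlogon Notify DLL with a generated-looking name")
        elif kind == "O23":
            if "Unknown owner" in body:
                reasons.append("service with no publisher")
            if missing:
                reasons.append("service binary missing")
        if reasons:
            findings.append((kind, "; ".join(reasons), raw.strip()))
    return findings
```

Running `triage(SAMPLE_LOG)` flags six of the eight constructed lines and leaves the AVG autorun and the NVIDIA service alone; the result is a shortlist for a human to confirm, not a verdict.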