Log check, pleaseee

IP: *.icpnet.pl 29.09.06, 16:42
Logfile of HijackThis v1.99.1
Scan saved at 16:40:00, on 2006-09-29
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\bcmntray.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\mnsmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\hijackthis.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} -
C:\Program Files\Deskbar\deskbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch
Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\bcmntray
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32
\algs.exe
O4 - HKLM\..\Run: [WinDLL (wsync32.dll)] rundll32.exe C:\WINDOWS\System32
\wsync32.dll,start
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e17.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e17.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e17.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\System32\kaityea.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06
\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) -
arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) -
download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371030.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) -
h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\mMpistub.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1
\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development
Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner -
C:\WINDOWS\update\updmgr.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner -
C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: ľ2:ˇ/
wů:Gź·siÖ (€?
) - Unknown owner - C:\WINDOWS\mnsmsgr.exe

    • Guest: Kolobos Re: Log check, pleaseee IP: *.crowley.pl 29.09.06, 17:30
      Close the ports in wwdc, switch your browser to Opera or Firefox, and don't use IE.

      In hjt, remove:
      R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} -
      C:\Program Files\Deskbar\deskbar.dll <- delete the deskbar folder from disk.
      O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32
      \algs.exe <- delete the file from disk.
      O4 - HKLM\..\Run: [WinDLL (wsync32.dll)] rundll32.exe C:\WINDOWS\System32
      \wsync32.dll,start <- delete the file wsync32.dll from disk.
      O4 - HKLM\..\Run: [newname] C:\\nwnmff_e17.exe <- this one too
      O4 - HKLM\..\Run: [defender] C:\\dfndrff_e17.exe <- this one too
      O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e17.exe <- this one
      O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\System32\kaityea.exe <- this one
      O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe <- this one
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      00aa003c157a} - C:\WINDOWS\web\related.htm
      O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\mMpistub.dll <- this one too

      Services to delete; the removal procedure is described in the pinned post:
      O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner -
      C:\WINDOWS\update\updmgr.exe
      O23 - Service: ľ2:ˇ/wů:Gź·siÖ (€?) - Unknown owner - C:\WINDOWS\mnsmsgr.exe
      Delete the update folder and the mns... file from disk once you have removed the services.

      Finally, run an ewido scan and, when it's all done, paste a new hjt log.
      • Guest: goloth Re: Log check, pleaseee IP: *.icpnet.pl 29.09.06, 17:37
        Thank you for the reply, and at the same time please explain it as if to an idiot, because
        that's what I am; I don't understand all of it... Thank you for your patience.
      • Guest: goloth a more constructive question IP: *.icpnet.pl 29.09.06, 18:05
        I don't know how to close the ports in wwdc; I don't want to break something.
        Removed in hjt.
        Services deleted.
        "The update folder and the mns file": where are they and how do I delete them?
        ewido scan?
        • Guest: Kolobos Re: a more constructive question IP: *.crowley.pl 29.09.06, 18:17
          It's right there in the forum header: Save time, read the guidelines before you ask! So do that:
          forum.gazeta.pl/forum/72,2.html?f=430&w=38051058
          > "The update folder and the mns file": where are they and how do I delete them?

          Where the hijackthis log says they are.
          • Guest: goloth Something is still wrong IP: *.icpnet.pl 29.09.06, 21:06
            My reading comprehension is evidently lacking. Slowly but surely I did
            everything that was needed, but something is still wrong.

            Logfile of HijackThis v1.99.1
            Scan saved at 21:03:07, on 2006-09-29
            Platform: Windows XP (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 (6.00.2600.0000)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\System32\wltrysvc.exe
            C:\WINDOWS\System32\bcmwltry.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
            C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
            C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
            C:\Program Files\ewido anti-spyware 4.0\guard.exe
            C:\WINDOWS\System32\nvsvc32.exe
            C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
            C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
            C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            C:\WINDOWS\System32\bcmntray.exe
            C:\Program Files\Winamp\winampa.exe
            C:\Program Files\ewido anti-spyware 4.0\ewido.exe
            C:\WINDOWS\System32\msiexec.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Program Files\hijackthis.com

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            www.google.pl/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
            \SPYBOT~1\SDHelper.dll
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINDOWS\System32\msdxm.ocx
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
            \NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
            O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch
            Buttons\EabServr.exe /Start
            O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
            O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\bcmntray
            O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06
            \bin\jusched.exe
            O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
            O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0
            \ewido.exe" /minimized
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
            O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
            C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
            00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
            O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) -
            arcaonline.arcabit.com/ArcaOnline.cab
            O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) -
            download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371030.cab
            O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
            acs.pandasoftware.com/activescan/as5free/asinst.cab
            O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) -
            h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
            O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
            ax.emsisoft.com/asquared.cab
            O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\j2l4lc3q1f.dll
            (file missing)
            O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
            C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
            O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1
            \Grisoft\AVGFRE~1\avgupsvc.exe
            O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1
            \Grisoft\AVGFRE~1\avgemc.exe
            O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. -
            C:\Program Files\ewido anti-spyware 4.0\guard.exe
            O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company,
            L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
            O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
            C:\WINDOWS\System32\nvsvc32.exe
            O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner -
            C:\WINDOWS\update\updmgr.exe (file missing)
            O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner -
            C:\WINDOWS\System32\wltrysvc.exe
            O23 - Service: ľ2:ˇ/
            wů:Gź·siÖ (€?
            ) - Unknown owner - C:\WINDOWS\mnsmsgr.exe (file missing)

            • Guest: Kolobos Re: Something is still wrong IP: *.crowley.pl 29.09.06, 23:50
              You didn't do everything...

              > but something is still wrong.

              What exactly?

              In hjt, also remove:
              O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\j2l4lc3q1f.dll
              (file missing)

              You were supposed to remove these services as described in the pinned post; why didn't you?
              O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner -
              C:\WINDOWS\update\updmgr.exe (file missing)
              O23 - Service: ľ2:ˇ/wů:Gź·siÖ (€?) - Unknown owner - C:\WINDOWS\mnsmsgr.exe (file missing)