Proszę o sprawdzenie loga-ciagle monit o wirusach


(A 4) #1
Logfile of HijackThis v1.99.1

Scan saved at 16:56:01, on 2006-04-29

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\system32\cmd.exe

D:\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: UserInit=userinit.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe

O4 - HKLM\..\Run: [Windows System File] csserv.exe

O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [SysTray] c:\Program Files\paytime.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [secures23] lup.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager] C:\WINDOWS\update\updmgr.exe

O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe

O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32\algs.exe

O4 - HKLM\..\Run: [msconfig38] mssvcc.exe

O4 - HKLM\..\Run: [System Service] backup.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\RunServices: [secures23] lup.exe

O4 - HKLM\..\RunServices: [Windows System File] csserv.exe

O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe

O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe

O4 - HKLM\..\RunServices: [System Service] backup.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O15 - Trusted Zone: *.mmohsix.com

O16 - DPF: Win32 Classes - 

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145288157421

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9B3A26CC-B049-4476-B229-EB98EDDC4D0E}: NameServer = 217.30.129.149,217.30.137.200

O20 - Winlogon Notify: App Paths - C:\WINDOWS\

O20 - Winlogon Notify: ExtShellViews - C:\WINDOWS\system32\m0nqla551d.dll

O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll

O23 - Service: Windows Network Security Service (lsass) - Unknown owner - C:\WINDOWS\system\lsass.exe (file missing)

O23 - Service: netconf32 - Unknown owner - C:\WINDOWS\netconf32.exe (file missing)

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing)

O23 - Service: Windows System Tray - Unknown owner - C:\WINDOWS\systay.exe (file missing)

EDIT: Lazikar

Tytuł. :frowning:


(Gutek) #2

Zastosuj się do tego Tematu

Użyj Look2Me-Destroyer.exe

Start >>> Uruchom >>> services.msc >>> zatrzymaj i wyłącz netconf32 i Windows System Tray

  1. Wyłączyć Przywracanie systemu w XP TU

  2. Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).

  3. Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte. Dodatkowo O15 może będzie stawiać opór więc ściągnij KillTrusted 0.7

  4. Skasować z dysku pliki i foldery, które podkreśliłem na czerwono

  5. Dokończyć skanerami online - Scanery do wyboru

  6. Pokazać nowy logi Silent i hijack :stuck_out_tongue:

Scan EWIDO po update :wink:


(A 4) #3

Windows System Tray i netconf32---- nie mam czegos takiego(chyba :oops: )

Nie moge usunać xptptt.dll

Logfile of HijackThis v1.99.1

Scan saved at 17:55:16, on 2006-04-29

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\system32\cmd.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Trawka\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=explorer.exe 

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O16 - DPF: Win32 Classes - 

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145288157421

O17 - HKLM\System\CCS\Services\Tcpip\..\{9B3A26CC-B049-4476-B229-EB98EDDC4D0E}: NameServer = 217.30.129.149,217.30.137.200

O20 - Winlogon Notify: App Paths - C:\WINDOWS\

O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

(Gutek) #4

Użyj Pocket Killbox. Zaznaczasz opcję Delete on Reboot oraz All Files i w polu Full Path of File to Delete wklejasz ścieżki

C:\WINDOWS\System32\0mcamcap.exe

C:\WINDOWS\System32\xptptt.dll

i naciskasz X czerwony. Program poprosi o reset kompa ... czyli resetujesz. A wpisy hiajckiem, log z silenta gdzie?

POCZYTAJ - http://www.sophos.com/virusinfo/analyse ... oorbn.html zobacz na Advanced poszukaj plików i wejdż w rejestr i usuń

Klucze na końcu:


(A 4) #5

Wklejam log

Logfile of HijackThis v1.99.1

Scan saved at 18:43:46, on 2006-04-29

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\WinRAR\WinRAR.exe

C:\Documents and Settings\Trawka\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145288157421

O17 - HKLM\System\CCS\Services\Tcpip\..\{9B3A26CC-B049-4476-B229-EB98EDDC4D0E}: NameServer = 217.30.129.149,217.30.137.200

O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Nie mam pojecia jak usunac te klucze z rejestru(jestem poczatkujacym uzytkownikiem i na rejestrze sie nie znam) Tym programem KillBox nie moge cos usunac. Robie jak kazecie ale wyskakuje cos takiego: PENDING FILE RENAME OPERATIONS REGISTRY DATA HAS BEEN REMOVED BY EXTERNAL PROCESS. Niewiem moze to dobrze,ale wydaje mi sie ze po odliczaniu powinien sie zrestartowac a tego nie robi tylko wlasnie wyskakuje to okienko. Ps. Dzieki ze mi pomagacie Aha wklejam jescze wklejam jeszcze logs z killBoxa:

Pocket Killbox version 2.0.0.648

Running on Windows XP as Trawka(Administrator)

was started @ sobota, kwiecień 29, 2006, 6:30 PM


# 1 [Delete on Reboot]

Path = C:\WINDOWS\System32\0mcamcap.exe 



# 2 [Files to Delete]

Path = C:\WINDOWS\System32\0mcamcap.exe 

*This file does not seem to exist


# 3 [Delete on Reboot]

Path = C:\WINDOWS\System32\0mcamcap.exe 

*This file does not seem to exist


# 4 [Delete on Reboot]

Path = C:\WINDOWS\SYSTEM32\xptptt.dll 

*This file does not seem to exist


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 6:32:27 PM

# 5 [Delete on Reboot]

Path = C:\WINDOWS\SYSTEM32\xptptt.dll 

*This file does not seem to exist


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 6:33:06 PM

Killbox Closed(Exit) @ 6:33:13 PM

(Bbieniol) #6

Zastosowałeś się do tego?