Prosze o sprawdzenie loga

Dla specjalistów Bezpieczeństwo
#1

Logfile of HijackThis v1.98.2

Scan saved at 20:54:34, on 2005-02-04

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\inet10055\winlogon.exe

C:\WINDOWS\System32\spools.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\cidaemon.exe

C:\WINDOWS\System32\Lnjkdlli.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

F3 - REG:win.ini: run=C:\WINDOWS\inet10055\winlogon.exe

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch

O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM…\Run: [xp_system] C:\WINDOWS\inet10055\winlogon.exe

O4 - HKLM…\Run: [wuviewer] C:\WINDOWS\System32\wuviewer.exe

O4 - HKLM…\Run: [spoolsv32] spools.exe

O4 - HKLM…\RunServices: [wuviewer] C:\WINDOWS\System32\wuviewer.exe

O4 - HKCU…\Run: [wuviewer] C:\WINDOWS\System32\wuviewer.exe

O4 - HKCU…\Run: [xp_system] C:\WINDOWS\inet10055\winlogon.exe

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm

O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx

#2

O4 - HKLM…\Run: [wuviewer] C:\WINDOWS\System32\wuviewer.exe

O4 - HKLM…\Run: [spoolsv32] spools.exe

O4 - HKLM…\RunServices: [wuviewer] C:\WINDOWS\System32\wuviewer.exe

O4 - HKCU…\Run: [wuviewer] C:\WINDOWS\System32\wuviewer.exe

O4 - HKCU…\Run: [xp_system] C:\WINDOWS\inet10055\winlogon.exe

kasujesz

C:\WINDOWS\System32\cidaemon.exe

C:\WINDOWS\System32\Lnjkdlli.exe

kasujesz

F3 - REG:win.ini: run=C:\WINDOWS\inet10055\winlogon.exe

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch

to też :slight_smile:

C:\WINDOWS\System32\cisvc.exe

kasujesz

sciągasz Lsp Fix i stamtą kasujesz aklsp . dll

to chyba na tyle :wink:

#3

hmm…nie widze serwis packa

#4

aha Rodzynaek daj po tym jak to wykasujesz log z wersji 19.9.0

zainstaluj sp2 na xp i sp 1 na ie !!

#5

Jak proboje usunąc te pliki z system32 to mi resetuje kompa co z tym zrobić???

#6

które ?? bo tam jest dużo wpisów do system 32 :?

#7

C:\WINDOWS\System32\cidaemon.exe

C:\WINDOWS\System32\Lnjkdlli.exe

te jak chce skasować to mi się komputer resetuje

#8

Najpierw:

Skanujesz tym:

Ad-Aware Se Personal

CWShredder 2.0

ETD Security Scanner 3.0 - Antyszpieg

PestPatrol

Opis Konfiguracji PestPatrol’a

Spybot -Search & Destroy

Później tym:

…::mks_vir::…

http://skaner.mks.com.pl

…::GeCAD (RAV)::…

http://www.ravantivirus.com/scan/

…::F-Secure::…

http://support.f-secure.com/enu/home/ols.shtml

…::BitDefender::…

http://www.bitdefender.com/scan/licence.php

Na koniec przeskanuj tylko te pliki tym skanerem:

http://forum.dobreprogramy.com/viewtopic.php?t=17685

I daj loga najnowszego HijackThis’a !

#9

Nie widziałem jeszcze takiej wersji HijackThis :o

Najnowsza wersja HijackThis 1.99

#10

Logfile of HijackThis v1.99.0

Scan saved at 12:02:10, on 2005-02-05

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\inet10055\winlogon.exe

C:\WINDOWS\System32\spools.exe

C:\WINDOWS\System32\cidaemon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Marcin\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

F3 - REG:win.ini: run=C:\WINDOWS\inet10055\winlogon.exe

O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: earch

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 ieautosearch

O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

O4 - HKLM…\Run: [xp_system] C:\WINDOWS\inet10055\winlogon.exe

O4 - HKLM…\Run: [wuviewer] C:\WINDOWS\System32\wuviewer.exe

O4 - HKLM…\Run: [spoolsv32] spools.exe

O4 - HKLM…\RunServices: [wuviewer] C:\WINDOWS\System32\wuviewer.exe

O4 - HKCU…\Run: [xp_system] C:\WINDOWS\inet10055\winlogon.exe

O4 - HKCU…\Run: [wuviewer] C:\WINDOWS\System32\wuviewer.exe

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm

O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

O15 - Trusted IP range: 213.159.117.202

O15 - Trusted IP range: (HKLM)

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip…{03B511A8-BC1A-41F2-B108-6232B8750AB2}: NameServer = 194.204.159.1,195.204.152.34

O17 - HKLM\System\CS1\Services\Tcpip…{03B511A8-BC1A-41F2-B108-6232B8750AB2}: NameServer = 194.204.159.1,195.204.152.34

O17 - HKLM\System\CS2\Services\Tcpip…{03B511A8-BC1A-41F2-B108-6232B8750AB2}: NameServer = 194.204.159.1,195.204.152.34

O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#11

Ściągnij program LSP-Fix i usuń w nim DLL:

aklsp.dll

Opis tutaj:

http://www.searchengines.pl/phpbb203/in … opic=12510

Z loga usuń:

O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: earch

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 ieautosearch

Usuń:

O4 - HKLM…\Run: [xp_system] C:\WINDOWS\inet10055\winlogon.exe

O4 - HKLM…\Run: [wuviewer] C:\WINDOWS\System32\wuviewer.exe

O4 - HKLM…\Run: [spoolsv32] spools.exe

O4 - HKLM…\RunServices: [wuviewer] C:\WINDOWS\System32\wuviewer.exe

O4 - HKCU…\Run: [xp_system] C:\WINDOWS\inet10055\winlogon.exe

O4 - HKCU…\Run: [wuviewer] C:\WINDOWS\System32\wuviewer.exe

Fixuj:

O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

Usuń ActiveX:

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab