Please analyze my log
I have a problem with Neostrada under XP: the modem connects without any trouble, but Internet Explorer won't let me browse websites.
[code]
Logfile of HijackThis v1.98.2
Scan saved at 17:30:20, on 2005-02-03
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SndMon32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\autoclk.exe
C:\PROGRA~1\Wanadoo\taskbaricon.exe
C:\WINDOWS\System32\kijsgn.exe
C:\WINDOWS\System32\winIogon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\tngbc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\WINDOWS\System32\iexplorer.exe
C:\WINDOWS\System32\crcss.exe
C:\WINDOWS\System32\npmsys.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Documents and Settings\Tomasz\Moje dokumenty\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allegro.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [Windows Compliant] kijsgn.exe
O4 - HKLM\..\Run: [system32 servlces] winIogon.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [aExmBKME] C:\WINDOWS\tngbc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [Microsoft Explorer] iexplorer.exe
O4 - HKLM\..\Run: [PCprot] crcss.exe
O4 - HKLM\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\Run: [aExm"igY] C:\WINDOWS\tngbc.exe
O4 - HKLM\..\Run: [u04C
}z[8C:Program FilesISTsvcistsvc.exe] C:\WINDOWS\tngbc.exe
O4 - HKLM\..\Run: [u0@]"iC:Program FilesISTsvcistsvc.exe] C:\WINDOWS\tngbc.exe
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [u0@]"u0C:Program FilesISTsvcistsvc.exe] C:\WINDOWS\tngbc.exe
O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe
O4 - HKLM\..\Run: [Norton Personal Firewall] npmsys.exe
O4 - HKLM\..\Run: [trickler] "c:\documents and settings\tomasz\ustawienia lokalne\temp\~vis0001gain_3202.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Windows Compliant] kijsgn.exe
O4 - HKLM\..\RunServices: [system32 servlces] winIogon.exe
O4 - HKLM\..\RunServices: [Microsoft Explorer] iexplorer.exe
O4 - HKLM\..\RunServices: [PCprot] crcss.exe
O4 - HKLM\..\RunServices: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\RunServices: [Norton Personal Firewall] npmsys.exe
O4 - HKLM\..\RunOnce: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Windows Compliant] kijsgn.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\Run: [Norton Personal Firewall] npmsys.exe
O4 - HKCU\..\RunOnce: [Windows Sound Manager] SndMon32.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Start.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
[/code]
Replies: 1
Turn off System Restore.
End the following processes in Task Manager:
SndMon32.exe
kijsgn.exe
winIogon.exe (a fake of the system one)
RunDll32.exe (as above)
tngbc.exe
iexplorer.exe (as above)
crcss.exe (as above)
npmsys.exe
istsvc.exe
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
Cannot be removed by HJT; delete it manually from the registry.
FIX:
O4 - HKLM\..\Run: [Windows Compliant] kijsgn.exe
O4 - HKLM\..\Run: [system32 servlces] winIogon.exe
O4 - HKLM\..\Run: [aExmBKME] C:\WINDOWS\tngbc.exe
O4 - HKLM\..\Run: [Microsoft Explorer] iexplorer.exe
O4 - HKLM\..\Run: [PCprot] crcss.exe
O4 - HKLM\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\Run: [aExm"igY] C:\WINDOWS\tngbc.exe
O4 - HKLM\..\Run: [u04C
}z[8C:Program FilesISTsvcistsvc.exe] C:\WINDOWS\tngbc.exe
O4 - HKLM\..\Run: [u0@]"iC:Program FilesISTsvcistsvc.exe] C:\WINDOWS\tngbc.exe
O4 - HKLM\..\Run: [u0@]"u0C:Program FilesISTsvcistsvc.exe] C:\WINDOWS\tngbc.exe
O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe
O4 - HKLM\..\Run: [Norton Personal Firewall] npmsys.exe
O4 - HKLM\..\Run: [trickler] "c:\documents and settings\tomasz\ustawienia lokalne\temp\~vis0001gain_3202.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Windows Compliant] kijsgn.exe
O4 - HKLM\..\RunServices: [system32 servlces] winIogon.exe
O4 - HKLM\..\RunServices: [Microsoft Explorer] iexplorer.exe
O4 - HKLM\..\RunServices: [PCprot] crcss.exe
O4 - HKLM\..\RunServices: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\RunServices: [Norton Personal Firewall] npmsys.exe
O4 - HKLM\..\RunOnce: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\Run: [Windows Compliant] kijsgn.exe
O4 - HKCU\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\Run: [Norton Personal Firewall] npmsys.exe
O4 - HKCU\..\RunOnce: [Windows Sound Manager] SndMon32.exe
Of course I don't need to write that you get rid of the files.
Pay attention to the locations and the letters in the names so that you don't hurt yourself.
If you have problems, delete them in Safe Mode.
Afterwards, when you're done, paste a new log.
There's also Google Toolbar, but I don't know whether that was your doing or whether it installed "by itself".
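The reply's advice to check locations and the exact letters in names (winIogon.exe, crcss.exe, iexplorer.exe) can be automated when triaging a process list. The following is an added example, not part of the original thread: the `KNOWN` baseline, the confusable-character map and the distance threshold of 2 are assumptions, and the sample paths are constructed in the style of the log above.

```python
import ntpath

# Assumed baseline for this example: system binaries and the folder each runs from.
KNOWN = {
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
}
# Characters commonly substituted for look-alikes; folded before comparison.
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "0": "o"})

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]

def classify(path):
    """Return (verdict, matched_system_name) for one process path from a log."""
    folder, name = ntpath.split(path)
    lower = name.lower()
    if lower in KNOWN:  # right name: only the location can be wrong
        return ("ok" if folder.lower() == KNOWN[lower] else "wrong-location", lower)
    folded = name.translate(CONFUSABLE).lower()
    if folded in KNOWN:  # e.g. capital I standing in for lowercase l
        return ("homoglyph", folded)
    best = min(KNOWN, key=lambda k: edit_distance(lower, k))
    if edit_distance(lower, best) <= 2:  # one or two letters off a system name
        return ("near-miss", best)
    return ("unlisted", None)  # not in the baseline: needs a manual lookup

# Constructed sample paths (not copied from a live system).
SAMPLE = [
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\WINDOWS\System32\winIogon.exe",
    r"C:\WINDOWS\System32\crcss.exe",
    r"C:\WINDOWS\System32\iexplorer.exe",
    r"C:\WINDOWS\svchost.exe",
    r"C:\WINDOWS\System32\kijsgn.exe",
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{classify(p)[0]:15} {p}")
```

An `unlisted` verdict only means the name is absent from the baseline, so entries such as kijsgn.exe still need to be looked up by hand.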