prosze o sprawdzenie loga z hijack this

[darkman]

siemka prosze o sprawdzenie loga jak na moje oko wszystko ok ale nie jestem pewien szczególne dziwi mnie ten wpis:
O17 - HKLMSystemCCSServicesTcpip..{0C7A1CA2-39EA-4A33-BEC8-5FC67D40BE03}: NameServer = 194.204.152.34 217.98.63.164
a to cały log:

Logfile of HijackThis v1.99.1
Scan saved at 14:57:43, on 2006-10-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:ProgramyAlwil SoftwareAvast4aswUpdSv.exe
C:ProgramyALWILS~1Avast4ashDisp.exe
C:Programyewido anti-spyware 4.0ewido.exe
C:Program FilesLexmark 4300 Serieslxcemon.exe
C:Program FilesLexmark 4300 Seriesezprint.exe
C:PROGRA~1NEOSTR~1CnxMon.exe
C:ProgramyAlwil SoftwareAvast4ashServ.exe
C:Program FilesThomsonSpeedTouch USBDragdiag.exe
C:PROGRA~1NEOSTR~1TaskbarIcon.exe
C:ProgramySpybot - Search & DestroyTeaTimer.exe
C:Programyewido anti-spyware 4.0guard.exe
C:ProgramyNero 7InCDInCDsrv.exe
C:Program FilesNeostrada TPNeostradaTP.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:ProgramySpyware Doctorsdhelp.exe
C:Program FilesNeostrada TPComComp.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wuauclt.exe
C:ProgramyAlwil SoftwareAvast4ashMaiSv.exe
C:ProgramyAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSsystem32lxcecoms.exe
C:WINDOWSSystem32alg.exe
C:Program FilesNeostrada TPWatch.exe
C:Programyfirefox.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsRafałPulpitHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:ProgramyFlashGetjccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:ProgramySpybot - Search & DestroySDHelper.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:ProgramyFlashGetfgiebar.dll
O4 - HKLM..Run: [avast!] C:ProgramyALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [!ewido] "C:Programyewido anti-spyware 4.0ewido.exe" /minimized
O4 - HKLM..Run: [LXCECATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM..Run: [lxcemon.exe] "C:Program FilesLexmark 4300 Serieslxcemon.exe"
O4 - HKLM..Run: [EzPrint] "C:Program FilesLexmark 4300 Seriesezprint.exe"
O4 - HKLM..Run: [FaxCenterServer] "C:Program FilesLexmark Fax Solutionsfm3032.exe" /s
O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exe
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exe
O4 - HKLM..Run: [WOOTASKBARICON] C:PROGRA~1NEOSTR~1TaskbarIcon.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] C:ProgramySpybot - Search & DestroyTeaTimer.exe
O8 - Extra context menu item: Download All by FlashGet - C:ProgramyFlashGetjc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:ProgramyFlashGetjc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:ProgramyFlashGetflashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:ProgramyFlashGetflashget.exe
O17 - HKLMSystemCCSServicesTcpip..{0C7A1CA2-39EA-4A33-BEC8-5FC67D40BE03}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:ProgramyAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:ProgramyAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:ProgramyAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:ProgramyAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:Programyewido anti-spyware 4.0guard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:ProgramyNero 7InCDInCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:WINDOWSsystem32lxcecoms.exe
O23 - Service: NBService - Nero AG - C:ProgramyNero 7Nero BackItUpNBService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:ProgramySpyware Doctorsdhelp.exe

[andrzej 64]

Wyszczegulniony przez ciebie wpis jest wporządku. Jak wyłączysz połączenie z internetem to wpisu nie będzie.

[darkman]

nie wiem jak tam uważasz ale wcześniej tego nie było jak łączyłem się z netem

[pp3088]

To serwer DNS w twoim wypadku prawidłowy. Log także.

[kris11a]

czesc prosze o sprawdzenie loga znalazlem przez jv16 program c25 MsvcLogfile of HijackThis v1.99.1
Scan saved at 12:34:44, on 2006-10-13
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSSystem32
vsvc32.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
C:Program FilesWebrootSpy SweeperSpySweeper.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:PROGRA~1NEOSTR~1CnxMon.exe
C:Program FilesThomsonSpeedTouch USBDragdiag.exe
C:PROGRA~1NEOSTR~1TaskbarIcon.exe
C:PROGRA~1KEMailKbKEMailKb.EXE
C:WINDOWSSystem32RUNDLL32.EXE
C:WINDOWSSystem32svcchost.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:PROGRA~1NEOSTR~1NeostradaTP.exe
C:PROGRA~1NEOSTR~1ComComp.exe
C:PROGRA~1NEOSTR~1Watch.exe
C:Program Filesjv16 PowerTools 2006jv16PT.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesOperaOpera.exe
C:Program FilesWinRARWinRAR.exe
C:DOCUME~1JASIEK~1USTAWI~1TempRar$EX00.541HijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WINDOWSPCHealthHelpCtrSystempanelslank.htm
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchar1.binMGSBAR.DLL
O2 - BHO: Peer2Mail Toolbar Helper - {4FB971C4-99FB-480d-BA3F-55B8263010FB} - C:Program FilesPeer2Mail Toolbarv2.0.0.0Peer2Mail_Toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchar1.binMGSBAR.DLL
O3 - Toolbar: Peer2Mail Toolbar - {43F2A7F9-06F6-48a5-B0DC-8530BF29CE66} - C:Program FilesPeer2Mail Toolbarv2.0.0.0Peer2Mail_Toolbar.dll
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exe
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exe
O4 - HKLM..Run: [WOOTASKBARICON] C:PROGRA~1NEOSTR~1TaskbarIcon.exe
O4 - HKLM..Run: [KEMailKb] C:PROGRA~1KEMailKbKEMailKb.EXE
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [NvCplDaemon] "RUNDLL32.EXE" C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] "nwiz.exe" /install
O4 - HKLM..Run: [NvMediaCenter] "RUNDLL32.EXE" C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..RunServices: [msvcc25] svcchost.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Reader eader_sl.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSweb elated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSweb elated.htm
O17 - HKLMSystemCCSServicesTcpip..{40112541-D9D8-4AFB-9705-E632586054DA}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: rpcc - C:WINDOWSSystem32 pcc.dll
O20 - Winlogon Notify: WRNotifier - C:WINDOWSSYSTEM32WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32
vsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:Program FilesTuneUp Utilities 2006WinStylerThemeSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:Program FilesWebrootSpy SweeperSpySweeper.exe

c25

[pp3088]

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchar1.binMGSBAR.DLL
O2 - BHO: Peer2Mail Toolbar Helper - {4FB971C4-99FB-480d-BA3F-55B8263010FB} - C:Program FilesPeer2Mail Toolbarv2.0.0.0Peer2Mail_Toolbar.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchar1.binMGSBAR.DLL
O3 - Toolbar: Peer2Mail Toolbar - {43F2A7F9-06F6-48a5-B0DC-8530BF29CE66} - C:Program FilesPeer2Mail Toolbarv2.0.0.0Peer2Mail_Toolbar.dll

Usuwasz wpisy HiJackiem a pogrubione do kosza ręcznie.

O4 - HKLM..RunServices: [msvcc25] svcchost.exe

http://www.instalki.pl/programy/downloa ... leaner.php

Zmieniasz kolory czerowne na zielone, wymaga restartu. Kasujesz wyżej wymieniony plik i wpis. Nie pomyl się svchost.exe jest prawidłowy, natomiast plik trojana to svcchost.

O20 - Winlogon Notify: rpcc - C:WINDOWSSystem32
pcc.dll

do wywalenia
link: http://www.instalki.pl/programy/downloa ... illBox.php
Użyj programu Killbox. Uruchamiasz zaznaczasz Delete on reboot, w polu full path of file wklej ścieżkę :

C:WINDOWSSystem32
pcc.dll

Klikasz X i reset kompa.

Daj log z SilentRunners.