ninia127
(Ninia27)
23 January 2006 10:00
#1
What can I use to remove the Add Click Trojan? Norton can't cope with it.
adam9870
(adam9870)
23 January 2006 10:27
#2
Scan the computer with an online scanner.
Scanners to choose from:
http://forum.dobreprogramy.pl/viewtopic.php?t=8175
And post a HijackThis log on the forum (then we'll see what else you have besides it):
http://forum.dobreprogramy.pl/viewtopic.php?t=36654
przemo86
(Przemoxmx)
23 January 2006 10:29
#3
If you know which file it is in, download the program killbox and the problem is solved.
ninia127
(Ninia27)
23 January 2006 10:33
#4
And can I remove this file manually?
Gutek
(Gutek)
23 January 2006 10:42
#5
ninia127
(Ninia27)
23 January 2006 11:57
#6
Here is the log
Logfile of HijackThis v1.99.1
Scan saved at 12:58:10, on 23-01-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
c:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
c:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
c:\Programmer\Norton AntiVirus\navapsvc.exe
c:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Steganos AntiSpyware 2006\WRSSSDK.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\sistray.EXE
C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmer\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\DOCUME~1\TOMMY~1.ENG\LOKALE~1\Temp\8.tmp.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmer\PLANET WL-8310\WLANPRO.exe
C:\WINDOWS\system32\javass.exe
C:\Programmer\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\winio32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tommy.ENGROS\Lokale indstillinger\Temp\Midlertidig mappe 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nbsyd.dll/sp.html#93256%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nbsyd.dll/sp.html#93256%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\nbsyd.dll/sp.html#93256%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nbsyd.dll/sp.html#93256%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nbsyd.dll/sp.html#93256%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\nbsyd.dll/sp.html#93256%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\nbsyd.dll/sp.html#93256%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {08A76AA8-55B8-70B2-36A7-A14598C929CD} - C:\WINDOWS\system32\sysuu.dll (file missing)
O2 - BHO: Class - {18BC661B-CA52-BB63-83A2-D754F9603539} - C:\WINDOWS\system32\mfcyl.dll (file missing)
O2 - BHO: Search - {23B7F92E-BBB9-48BE-9A36-6F139FFAAF94} - C:\WINDOWS\System32\Q22538265.dll (file missing)
O2 - BHO: Class - {2592C0CE-149C-ADEC-97D8-0862B86A37F9} - C:\WINDOWS\iegf32.dll (file missing)
O2 - BHO: Class - {264D7706-46BC-1C89-7DC5-AC71424D3C22} - C:\WINDOWS\system32\atlfm32.dll (file missing)
O2 - BHO: Class - {40F8C74D-A12F-4EC1-7661-E0DA5EB9E685} - C:\WINDOWS\system32\winjz.dll (file missing)
O2 - BHO: Class - {44059405-BDE5-1BD6-8E61-9E0A735AADEB} - C:\WINDOWS\system32\sysjg.dll (file missing)
O2 - BHO: Class - {57FC7057-0054-4F46-DA9A-64939906284A} - C:\WINDOWS\system32\addji.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Class - {8521EA94-1EC4-ED82-D9DA-81CA0FF7674B} - C:\WINDOWS\ntyf.dll (file missing)
O2 - BHO: Class - {88A0DFAF-D127-0E42-9723-AC5C6B593177} - C:\WINDOWS\atlvi32.dll (file missing)
O2 - BHO: Class - {8F1CBE3D-FED7-E0D7-0684-AA234F6A116D} - C:\WINDOWS\d3ox32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Class - {AEEB8E59-9B25-8247-A3C5-C38674EF0D9F} - C:\WINDOWS\iphz32.dll (file missing)
O2 - BHO: Class - {B36A4008-5663-2ECF-9E70-FA3F4CC8F486} - C:\WINDOWS\mfcqd.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C1A41FA6-75A9-208D-8DC5-1020AE6270B6} - C:\WINDOWS\d3db.dll (file missing)
O2 - BHO: Class - {D827AA16-BF10-A6CC-75DD-7113C96F5202} - C:\WINDOWS\system32\ipne32.dll (file missing)
O2 - BHO: Class - {DFE0AADE-309F-B542-7B55-E73D33C13F43} - C:\WINDOWS\system32\atlfx32.dll (file missing)
O2 - BHO: Class - {EFEBB260-C21E-967D-CA15-0C1770C3C5C5} - C:\WINDOWS\atlhp32.dll (file missing)
O2 - BHO: Class - {F27F1D27-3CF0-21F4-CC05-4594BE098CBB} - C:\WINDOWS\javary32.dll (file missing)
O2 - BHO: Class - {F292FDF9-73D1-15E7-DA6B-DA2D7932EB4D} - C:\WINDOWS\apidv32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Search - {C5175F88-DFE1-4FDC-99EE-F437394DC5C1} - C:\WINDOWS\System32\Q22538265.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM…\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM…\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM…\Run: [sSC_UserPrompt] C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM…\Run: [sSBkgdUpdate] “C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot
O4 - HKLM…\Run: [PaperPort PTD] C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM…\Run: [indexSearch] C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM…\Run: [setDefPrt] C:\Programmer\Brother\Brmfl04e\BrStDvPt.exe
O4 - HKLM…\Run: [ControlCenter2.0] C:\Programmer\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [ccApp] “c:\Programmer\Fælles filer\Symantec Shared\ccApp.exe”
O4 - HKLM…\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM…\Run: [8.tmp] C:\DOCUME~1\TOMMY~1.ENG\LOKALE~1\Temp\8.tmp.exe
O4 - HKLM…\Run: [9.tmp] C:\DOCUME~1\TOMMY~1.ENG\LOKALE~1\Temp\9.tmp.exe
O4 - HKLM…\Run: [8.tmp.exe] C:\DOCUME~1\TOMMY~1.ENG\LOKALE~1\Temp\8.tmp.exe
O4 - HKLM…\Run: [9.tmp.exe] C:\DOCUME~1\TOMMY~1.ENG\LOKALE~1\Temp\9.tmp.exe
O4 - HKLM…\Run: [Antispyware 2006] “C:\Programmer\Steganos AntiSpyware 2006\saspy2006.exe” /startintray
O4 - HKLM…\Run: [javaob32.exe] C:\WINDOWS\system32\javaob32.exe
O4 - HKLM…\Run: [addbj.exe] C:\WINDOWS\system32\addbj.exe
O4 - HKLM…\Run: [addri32.exe] C:\WINDOWS\system32\addri32.exe
O4 - HKLM…\Run: [ntjg.exe] C:\WINDOWS\system32\ntjg.exe
O4 - HKLM…\Run: [sysas.exe] C:\WINDOWS\system32\sysas.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM…\Run: [Google Desktop Search] “C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe” /startup
O4 - HKLM…\Run: [d3jd32.exe] C:\WINDOWS\system32\d3jd32.exe
O4 - HKLM…\Run: [appbu.exe] C:\WINDOWS\appbu.exe
O4 - HKLM…\Run: [d3ce.exe] C:\WINDOWS\d3ce.exe
O4 - HKLM…\Run: [sysbs32.exe] C:\WINDOWS\system32\sysbs32.exe
O4 - HKLM…\Run: [iewx32.exe] C:\WINDOWS\iewx32.exe
O4 - HKLM…\Run: [adddu32.exe] C:\WINDOWS\adddu32.exe
O4 - HKLM…\Run: [winio32.exe] C:\WINDOWS\winio32.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [MSMSGS] “C:\Programmer\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [skype] “C:\Programmer\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU…\Run: [MsnMsgr] “C:\Programmer\MSN Messenger\MsnMsgr.Exe” /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PLANET WL-8310 Configuration Utility.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Search - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Search - {C5175F88-DFE1-4FDC-99EE-F437394DC5C1} - C:\WINDOWS\System32\Q22538265.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1 … gleNav.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat … -devel.cab
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmer\Steganos AntiSpyware 2006\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
====================================
Note: When you paste a log, enclose it in a CODE or QUOTE tag.
I suggest reading THIS topic and seeing what is asked of users who paste logs.
Regards, kuz5