Witam dzisiaj wszedłem na kompa i wyskoczyło mi że mam trojana, zeskanowałem i oto wyniki:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:42:50, on 2010-08-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Ntuhif.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Magier\USTAWI~1\Temp\Ncx.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
C:\DOCUME~1\Magier\USTAWI~1\Temp\brosan.exe
C:\Documents and Settings\All Users\Dane aplikacji\5e1380a\SM5e13_231.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Nie windows\Winamp\winamp.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 http://www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 http://www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 http://www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 http://www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 94.228.209.235 http://www.google.com
O1 - Hosts: 94.228.209.235 google.com
O1 - Hosts: 94.228.209.235 google.com.au
O1 - Hosts: 94.228.209.235 http://www.google.com.au
O1 - Hosts: 94.228.209.235 google.be
O1 - Hosts: 94.228.209.235 http://www.google.be
O1 - Hosts: 94.228.209.235 google.com.br
O1 - Hosts: 94.228.209.235 http://www.google.com.br
O1 - Hosts: 94.228.209.235 google.ca
O1 - Hosts: 94.228.209.235 http://www.google.ca
O1 - Hosts: 94.228.209.235 google.ch
O1 - Hosts: 94.228.209.235 http://www.google.ch
O1 - Hosts: 94.228.209.235 google.de
O1 - Hosts: 94.228.209.235 http://www.google.de
O1 - Hosts: 94.228.209.235 google.dk
O1 - Hosts: 94.228.209.235 http://www.google.dk
O1 - Hosts: 94.228.209.235 google.fr
O1 - Hosts: 94.228.209.235 http://www.google.fr
O1 - Hosts: 94.228.209.235 google.ie
O1 - Hosts: 94.228.209.235 http://www.google.ie
O1 - Hosts: 94.228.209.235 google.it
O1 - Hosts: 94.228.209.235 http://www.google.it
O1 - Hosts: 94.228.209.235 google.co.jp
O1 - Hosts: 94.228.209.235 http://www.google.co.jp
O1 - Hosts: 94.228.209.235 google.nl
O1 - Hosts: 94.228.209.235 http://www.google.nl
O1 - Hosts: 94.228.209.235 google.no
O1 - Hosts: 94.228.209.235 http://www.google.no
O1 - Hosts: 94.228.209.235 google.co.nz
O1 - Hosts: 94.228.209.235 http://www.google.co.nz
O1 - Hosts: 94.228.209.235 google.pl
O1 - Hosts: 94.228.209.235 http://www.google.pl
O1 - Hosts: 94.228.209.235 google.se
O1 - Hosts: 94.228.209.235 http://www.google.se
O1 - Hosts: 94.228.209.235 google.co.uk
O1 - Hosts: 94.228.209.235 http://www.google.co.uk
O1 - Hosts: 94.228.209.235 google.co.za
O1 - Hosts: 94.228.209.235 http://www.google.co.za
O1 - Hosts: 94.228.209.235 http://www.google-analytics.com
O1 - Hosts: 94.228.209.235 http://www.bing.com
O1 - Hosts: 94.228.209.235 search.yahoo.com
O1 - Hosts: 94.228.209.235 http://www.search.yahoo.com
O1 - Hosts: 94.228.209.235 uk.search.yahoo.com
O1 - Hosts: 94.228.209.235 ca.search.yahoo.com
O1 - Hosts: 94.228.209.235 de.search.yahoo.com
O1 - Hosts: 94.228.209.235 fr.search.yahoo.com
O1 - Hosts: 94.228.209.235 au.search.yahoo.com
O1 - Hosts: 94.228.209.235 http://www.google.com
O1 - Hosts: 94.228.209.235 google.com
O1 - Hosts: 94.228.209.235 google.com.au
O1 - Hosts: 94.228.209.235 http://www.google.com.au
O1 - Hosts: 94.228.209.235 google.be
O1 - Hosts: 94.228.209.235 http://www.google.be
O1 - Hosts: 94.228.209.235 google.com.br
O1 - Hosts: 94.228.209.235 http://www.google.com.br
O1 - Hosts: 94.228.209.235 google.ca
O1 - Hosts: 94.228.209.235 http://www.google.ca
O1 - Hosts: 94.228.209.235 google.ch
O1 - Hosts: 94.228.209.235 http://www.google.ch
O1 - Hosts: 94.228.209.235 google.de
O1 - Hosts: 94.228.209.235 http://www.google.de
O1 - Hosts: 94.228.209.235 google.dk
O1 - Hosts: 94.228.209.235 http://www.google.dk
O1 - Hosts: 94.228.209.235 google.fr
O1 - Hosts: 94.228.209.235 http://www.google.fr
O1 - Hosts: 94.228.209.235 google.ie
O1 - Hosts: 94.228.209.235 http://www.google.ie
O1 - Hosts: 94.228.209.235 google.it
O1 - Hosts: 94.228.209.235 http://www.google.it
O1 - Hosts: 94.228.209.235 google.co.jp
O1 - Hosts: 94.228.209.235 http://www.google.co.jp
O1 - Hosts: 94.228.209.235 google.nl
O1 - Hosts: 94.228.209.235 http://www.google.nl
O1 - Hosts: 94.228.209.235 google.no
O1 - Hosts: 94.228.209.235 http://www.google.no
O1 - Hosts: 94.228.209.235 google.co.nz
O1 - Hosts: 94.228.209.235 http://www.google.co.nz
O1 - Hosts: 94.228.209.235 google.pl
O1 - Hosts: 94.228.209.235 http://www.google.pl
O1 - Hosts: 94.228.209.235 google.se
O1 - Hosts: 94.228.209.235 http://www.google.se
O1 - Hosts: 94.228.209.235 google.co.uk
O1 - Hosts: 94.228.209.235 http://www.google.co.uk
O1 - Hosts: 94.228.209.235 google.co.za
O1 - Hosts: 94.228.209.235 http://www.google.co.za
O1 - Hosts: 94.228.209.235 http://www.google-analytics.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM…\Run: [avast!] C:\NIEWIN~1\Avast\ashDisp.exe
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 - HKLM…\Run: [LogMeIn Hamachi Ui] “C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe” --auto-start
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM…\Run: [Driver Control Manager v3.1] C:\DOCUME~1\Magier\USTAWI~1\Temp\brosan.exe
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\DTLite.exe” -autorun
O4 - HKCU…\Run: [Driver Control Manager v3.1] C:\DOCUME~1\Magier\USTAWI~1\Temp\brosan.exe
O4 - HKCU…\Run: [bSK91O3T6D] C:\DOCUME~1\Magier\USTAWI~1\Temp\Ncx.exe
O4 - HKCU…\Run: [security Master AV] “C:\Documents and Settings\All Users\Dane aplikacji\5e1380a\SM5e13_231.exe” /s /d
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: RtlWake.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O19 - User stylesheet: C:\Nie windows\Inne\Michał\sledzik.css (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Nie windows\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Nie windows\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Nie windows\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Nie windows\Avast\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
–
End of file - 9621 bytes