Suspected trojan


(przybylski) #1

Hello, please check my logs, because someone keeps changing my passwords everywhere: GG, e-mail, etc.

I suspect it may be some kind of trojan. Kaspersky did not detect anything.

# Scan saved at 15:34:11, on 2007-11-30

# Platform: Windows XP (WinNT 5.01.2600)

# MSIE: Internet Explorer v6.00 (6.00.2600.0000)

# Boot mode: Normal

#  

# Running processes:

# C:\WINDOWS\System32\smss.exe

# C:\WINDOWS\system32\winlogon.exe

# C:\WINDOWS\system32\services.exe

# C:\WINDOWS\system32\lsass.exe

# C:\WINDOWS\System32\Ati2evxx.exe

# C:\WINDOWS\system32\svchost.exe

# C:\WINDOWS\System32\svchost.exe

# C:\WINDOWS\system32\spoolsv.exe

# C:\WINDOWS\system32\Ati2evxx.exe

# C:\WINDOWS\Explorer.EXE

# C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

# C:\WINDOWS\System32\RunDll32.exe

# C:\Program Files\D-Tools\daemon.exe

# C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

# C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

# C:\Program Files\Messenger\msmsgs.exe

# C:\Program Files\Skype\Phone\Skype.exe

# C:\Program Files\Skype\Plugin Manager\skypePM.exe

# C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

# C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe

# C:\Program Files\NetLimiter 2 Monitor\NLClient.exe

# C:\Program Files\WapSter\AQQ\AQQ.exe

# C:\WINDOWS\System32\wuauclt.exe

# C:\Program Files\Mozilla Firefox\firefox.exe

# C:\Program Files\AIMP2\AIMP2.exe

# C:\WINDOWS\System32\taskmgr.exe

# C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

#  

# R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

# O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

# O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

# O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

# O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

# O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

# O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

# O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

# O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

# O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

# O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe

# O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

# O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')

# O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

# O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

# O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

# O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

# O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

# O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll

# O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll

# O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

# O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

# O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

# O17 - HKLM\System\CCS\Services\Tcpip\..\{727B6D12-7EFC-4B4A-8673-897688472009}: NameServer = 88.220.99.254 88.220.99.249

# O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

# O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

# O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

# O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

# O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

# O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe

# O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

#  

# -- 

# End of file - 4509 bytes

(Gutek) #2

Remove the HJT entries.

Post a log from ComboFix.