Prosze o sprawdzenia loga


(Dominika930) #1

wyskakuje mi jakis trojan i nie moge go usunac

Logfile of HijackThis v1.99.1

Scan saved at 23:24:34, on 2007-01-09

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

I:\WINDOWS\System32\smss.exe

I:\WINDOWS\SYSTEM32\winlogon.exe

I:\WINDOWS\system32\services.exe

I:\WINDOWS\system32\lsass.exe

I:\WINDOWS\system32\svchost.exe

I:\WINDOWS\System32\svchost.exe

I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

I:\WINDOWS\Explorer.EXE

I:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

I:\WINDOWS\system32\spoolsv.exe

I:\WINDOWS\asuskbservice.exe

I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

I:\WINDOWS\system32\drivers\CDAC11BA.EXE

I:\WINDOWS\system32\svchost.exe

I:\Program Files\Video ActiveX Object\isamonitor.exe

I:\Program Files\Video ActiveX Object\pmsngr.exe

I:\WINDOWS\anvshell.exe

I:\WINDOWS\SOUNDMAN.EXE

I:\WINDOWS\system32\LVCOMSX.EXE

I:\Program Files\Logitech\Video\LogiTray.exe

I:\Program Files\Video ActiveX Object\pmmon.exe

I:\Program Files\Video ActiveX Object\isamini.exe

I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE

I:\Program Files\Common Files\Real\Update_OB\realsched.exe

I:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

I:\Program Files\iTunes\iTunesHelper.exe

I:\Program Files\BenQ\QMusic2\QMAgent.exe

I:\WINDOWS\Connection Wizard\explorer.exe

I:\Program Files\Common Files\Symantec Shared\ccApp.exe

I:\Program Files\iPod\bin\iPodService.exe

I:\Program Files\Logitech\Video\FxSvr2.exe

I:\WINDOWS\system32\ctfmon.exe

I:\Program Files\Messenger\msmsgs.exe

I:\WINDOWS\System32\svchost.exe

I:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

I:\PROGRA~1\MOZILL~1\FIREFOX.EXE

I:\Program Files\PowerArchiver\POWERARC.EXE

I:\DOCUME~1\prusak\USTAWI~1\Temp\_PA613\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - I:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - I:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)

O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - I:\Program Files\Video ActiveX Object\isaddon.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - I:\Program Files\Video ActiveX Object\iesplugin.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - I:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [anvshell] anvshell.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] I:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] I:\Program Files\Logitech\Video\ISStart.exe 

O4 - HKLM\..\Run: [LogitechVideoTray] I:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "I:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Kopia 1)] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Kopia 1)" /O6 "USB001" /M "Stylus CX3600"

O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [icvxkmfbdx] i:\windows\system32\icvxkmfbdx.exe icvxkmfbdx

O4 - HKLM\..\Run: [SDR6V_Check] "I:\Program Files\Common Files\DriveCleaner 2006 Free\SDRmon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [QMusic2] "I:\Program Files\BenQ\QMusic2\QMAgent.exe"

O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "I:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ASUS SmartDoctor] I:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start

O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [VideoCall] "I:\Program Files\Logitech\VideoCall\VideoCall.exe" -minimized

O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "I:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [***ERROR*** - Missing string in language resource file.] "I:\Program Files\Logitech\VideoCall\VideoCall.exe" -minimized -minimized

O4 - Global Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &Windows Live Search - res://I:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: >>> FREE PORN GALLERIES <<< - javascript:{document.location='http://sexmaxx.com/freegalleries.htm';}

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://I:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?71c17b06faf7417d9e847fc2b3d370ab

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Envoyer a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - I:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - I:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)

O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - I:\WINDOWS\asuskbservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Boonty Games - BOONTY - I:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - I:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: DirectX Service (DirectQilk) - Unknown owner - I:\WINDOWS\system32\directx.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - I:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - I:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - I:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

(Joan Sunshine) #2

Użyj SmitFraudFix z opcji 2 w trybie awaryjnym i po tym nowe logi z HJT i Silent Runners a także raport ze SmitFraudFix – plik c:\rapport.txt. :slight_smile:


(Gutek) #3

Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ

Pozdrawiam Gutek2222