Please check my log


(Aligator27) #1

Hello

I think I have a trojan, or had one, because I removed part of it myself, but I would really appreciate it if someone could also check the log to see whether it is clean.

Logfile of HijackThis v1.99.1

Scan saved at 18:07:47, on 2006-06-02

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\SOUNDMAN.EXE

D:\Program Files\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

D:\PROGRA~1\FDF\FAST2.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\MAXIMUS\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1045

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [FAST Defrag] D:\PROGRA~1\FDF\FAST2.EXE -tray

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\dosenh.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


(Bbieniol) #2

Use the Look2Me-Destroyer tool, then post the log from l2mfix (choose option 1).

PS: Probably the wrong section :roll:


(Aligator27) #3

I don't know if this is the right log, but it shows that I have a trojan. How do I get rid of it?

Spyware Nuker XT Detection Report

Scan Started: 06-02-2006 18:48

Software Version: 4.7.58.1796

Database Version: 5/30/2006 08:57:59 AM

Operating System: Windows XP 5.1.2600 [Dodatek Service Pack 2]

Web Browser(s): IE:6.0.2900.2180;

Downloader.DrSmart

1152-62689 Silently connects to a remote location where it downloads and installs known spyware.

File C:\WINDOWS\system32\drsmartload261a.exe

Hijacker.Slotch Toolbar

630-18248 Hijacks you browser settings. Installs programs on your computer without permission. Reports personal computer information over the internet including the entire registry. Installs adult links on your computer.

Registry Key HKEY_CURRENT_USER\Software\IST

Trojan.Winsys

1205-62454 Silently communicates with a remote location, downloads and executes other files, and hijacks browser's homepage.

Registry Value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main:Default_Search_URL:http://searchbar.findthewebsiteyouneed.com


(Bbieniol) #4

Did you follow my instructions?