Scan HiJackThis

CoolTwist · 20 Grudzień 2011 15:21

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:20:18, on 2011-12-20

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe

C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\KaraokeSer.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

D:\PLAY ONLINE\PLAY ONLINE.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Splashtop\Splashtop Connect\BackService.exe

C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe

C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

E:\Kies\KiesTrayAgent.exe

C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe

E:\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Documents and Settings\xxx\Dane aplikacji\PLAY ONLINE\ouc.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\VIA\RAID\raid_tool.exe

C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\xxx\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= … =CT3031817

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: SFT_Polska Toolbar - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - C:\Program Files\SFT_Polska\prxtbSFT0.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O2 - BHO: SFT_Polska - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - C:\Program Files\SFT_Polska\prxtbSFT0.dll

O2 - BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll

O3 - Toolbar: SFT_Polska Toolbar - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - C:\Program Files\SFT_Polska\prxtbSFT0.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime

O4 - HKLM…\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe

O4 - HKLM…\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

O4 - HKLM…\Run: [avast] “C:\Program Files\AVAST Software\Avast\avastUI.exe” /nogui

O4 - HKLM…\Run: [ZyngaGamesAgent] “C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe”

O4 - HKLM…\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent

O4 - HKLM…\Run: [Norton] C:\WINDOWS\inf\catalog\navapsvcxp.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [HW_OPENEYE_OUC_PLAY ONLINE] “D:\PLAY ONLINE\UpdateDog\ouc.exe”

O4 - HKCU…\Run: [KiesHelper] E:\Kies\KiesHelper.exe /s

O4 - HKCU…\Run: [KiesTrayAgent] E:\Kies\KiesTrayAgent.exe

O4 - HKCU…\Run: [KiesPDLR] E:\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU…\Run: [screenshooter] E:\Program Files\ScreenShooter\screenshooter.exe --hidden

O4 - HKCU…\Run: [Vectir] E:\Program Files\Vectir\Vectir.exe /Startup

O4 - HKCU…\Run: [HEXelon MAX] “C:\Documents and Settings\xxx\Pulpit\HEXelonMAX6\hexelon.exe” /auto

O4 - HKCU…\Run: [NT12] C:\WINDOWS\System32\NT12.exe

O4 - HKCU…\Run: [skan_mon.exe] C:\WINDOWS\skan_mon.exe

O4 - HKCU…\Run: [sYSXP] C:\WINDOWS\System32\sysxp.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe

O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip…{C6288C88-96DC-4BE0-9FDF-5CC1558FD7C7}: NameServer = 89.108.195.20 217.17.34.10

O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apache2 - Unknown owner - C:\Documents and Settings\xxx\Pulpit\Plemiona\Silnik Plemion editet by Only Head Shot\apache\bin\apache.exe (file missing)

O23 - Service: Apache2.2 - Unknown owner - E:\xampp\apache\bin\httpd.exe (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - e:\xampp\FileZillaFTP\FileZillaServer.exe (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe

O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: VIA Karaoke digital mixer Service (KaraokeService) - VIA Technologies, Inc. - C:\WINDOWS\system32\KaraokeSer.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: mysql - Unknown owner - E:\xampp\mysql\bin\mysqld.exe (file missing)

O23 - Service: Splashtop Connect Service (SCBackService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect\BackService.exe

O23 - Service: Splashtop Connect Firefox Software Updater Service (WCUService_STC_FF) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe

–

End of file - 10169 bytes

Agaton · 20 Grudzień 2011 16:54

CoolTwist ,

Proszę zapoznać się z tematem i poprawić tytuł na konkretny, mówiący o problemie, w poście dokładnie opisać problem. W celu dokonania zaleconej korekty proszę użyć przycisku Edytuj przy poście otwierającym ten temat.

Wklejanie logów na forum - przeczytaj i zastosuj się do Tematu

Zignorowanie zaleceń będzie skutkowało usunięciem tematu do Kosza.

miki25 · 20 Grudzień 2011 16:55

Przygotuj raporty OTL zgodnie z wytycznymi na - otl-gmer-rsit-dss-inne-instrukcje-t370405.html

– Dodane 20.12.2011 (Wt) 17:57 –

Wstępnie możesz wykonać skanowanie CCE ( Comodo Cleaning Essentials ) - http://help.comodo.com/topic-119-1-208- … tials.html