Bardzo proszę o pomoc ...infekcja komputerta..!!!!
Wklejam loga z hijacka..proszę o pomoc..
[Logfile of HijackThis v1.99.1
Scan saved at 16:11:01, on 2005–11–14
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\optmouse.exe
E:\winamp\winampa.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\priva.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
E:\Róźne\gg.exe
E:\SKYPE\Phone\Skype.exe
C:\Program Files\Kodak\KODAK S[oftware Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\firefox\firefox.exe
C:\Documents and Settings\jagoda 1\Pulpit\hijackthis\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – _{CA0E28FA–1AFD–4C21–A8DC–70EB5BE2F076} – (no file)
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [OPTMOUSEMOUSE] C:\WINDOWS\System32\optmouse.exe
O4 – HKLM\..\Run: [WinampAgent] E:\winamp\winampa.exe
O4 – HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [multitran] C:\WINDOWS\System32\multitran.exe
O4 – HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\priva.exe internat.dll,LoadMouseCarpetProfile
O4 – HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s
O4 – HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\RunServices: [multitran] C:\WINDOWS\System32\multitran.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "E:\Róźne\gg.exe" /tray
O4 – HKCU\..\Run: [Skype] "E:\SKYPE\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [180ClientStubInstall] "C:\WINDOWS\stubinstaller5356.exe"
O4 – HKCU\..\Run: [klop] C:\WINDOWS\1F.tmp
O4 – HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O4 – HKCU\..\Run: [multitran] C:\WINDOWS\System32\multitran.exe
O4 – HKCU\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 – Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 – Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O21 – SSODL: ECBDFAFE – {1FF03F48–731C–0F7A–0A81–01F8171F0572} – C:\WINDOWS\System32\Cconkpdh.dll (file missing)
O21 – SSODL: mtklefa – {7C3560FB–A9C0–4E36–8AB9–BC0879BCEEBE} – C:\WINDOWS\System32\yjpfv32.dll (file missing)
O21 – SSODL: mtklefap – {648D2522–0FEA–413B–C480–99356CE4FA01} – C:\WINDOWS\System32\vykc32.dll (file missing)
O21 – SSODL: SysTray.Exsl – {6368D5FC–6F5C–4f5b–B164–E67214F67859} – C:\WINDOWS\System32\maneqhmd.dll
O21 – SSODL: SysTray.Exsh – {1768ECFC–4F5C–4f5b–B134–D67294FC78E9} – C:\WINDOWS\System32\gbjbqmfa.dll
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: Kodak Camera Connection Software (KodakCCS) – Eastman Kodak Company – C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe]
[Logfile of HijackThis v1.99.1
Scan saved at 16:11:01, on 2005–11–14
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\optmouse.exe
E:\winamp\winampa.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\priva.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
E:\Róźne\gg.exe
E:\SKYPE\Phone\Skype.exe
C:\Program Files\Kodak\KODAK S[oftware Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\firefox\firefox.exe
C:\Documents and Settings\jagoda 1\Pulpit\hijackthis\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – _{CA0E28FA–1AFD–4C21–A8DC–70EB5BE2F076} – (no file)
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [OPTMOUSEMOUSE] C:\WINDOWS\System32\optmouse.exe
O4 – HKLM\..\Run: [WinampAgent] E:\winamp\winampa.exe
O4 – HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [multitran] C:\WINDOWS\System32\multitran.exe
O4 – HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\priva.exe internat.dll,LoadMouseCarpetProfile
O4 – HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s
O4 – HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\RunServices: [multitran] C:\WINDOWS\System32\multitran.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "E:\Róźne\gg.exe" /tray
O4 – HKCU\..\Run: [Skype] "E:\SKYPE\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [180ClientStubInstall] "C:\WINDOWS\stubinstaller5356.exe"
O4 – HKCU\..\Run: [klop] C:\WINDOWS\1F.tmp
O4 – HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O4 – HKCU\..\Run: [multitran] C:\WINDOWS\System32\multitran.exe
O4 – HKCU\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 – Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 – Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O21 – SSODL: ECBDFAFE – {1FF03F48–731C–0F7A–0A81–01F8171F0572} – C:\WINDOWS\System32\Cconkpdh.dll (file missing)
O21 – SSODL: mtklefa – {7C3560FB–A9C0–4E36–8AB9–BC0879BCEEBE} – C:\WINDOWS\System32\yjpfv32.dll (file missing)
O21 – SSODL: mtklefap – {648D2522–0FEA–413B–C480–99356CE4FA01} – C:\WINDOWS\System32\vykc32.dll (file missing)
O21 – SSODL: SysTray.Exsl – {6368D5FC–6F5C–4f5b–B164–E67214F67859} – C:\WINDOWS\System32\maneqhmd.dll
O21 – SSODL: SysTray.Exsh – {1768ECFC–4F5C–4f5b–B134–D67294FC78E9} – C:\WINDOWS\System32\gbjbqmfa.dll
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: Kodak Camera Connection Software (KodakCCS) – Eastman Kodak Company – C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe]
Odpowiedzi: 3
Dziękuję..zaraz sprawdzę ... :wink:
Do wywalenia.
I jako podejrzane te wpisy nibymyszy teź bym się pozbył.
Co log to więcej śmieci.
Tempy wyczyszczone ?
Przywracanie wyłączone ?
Ten Avast to nie przypadkiem tylko niezarejestrowane demo ?
Nie widze źadnego firewalla.
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 – URLSearchHook: (no name) – _{CA0E28FA–1AFD–4C21–A8DC–70EB5BE2F076} – (no file)
O4 – HKLM\..\Run: [multitran] C:\WINDOWS\System32\multitran.exe
O4 – HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s
O4 – HKLM\..\RunServices: [multitran] C:\WINDOWS\System32\multitran.exe
O4 – HKCU\..\Run: [180ClientStubInstall] "C:\WINDOWS\stubinstaller5356.exe"
O4 – HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O4 – HKCU\..\Run: [multitran] C:\WINDOWS\System32\multitran.exe
O4 – HKCU\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe
O21 – SSODL: ECBDFAFE – {1FF03F48–731C–0F7A–0A81–01F8171F0572} – C:\WINDOWS\System32\Cconkpdh.dll (file missing)
O21 – SSODL: mtklefa – {7C3560FB–A9C0–4E36–8AB9–BC0879BCEEBE} – C:\WINDOWS\System32\yjpfv32.dll (file missing)
O21 – SSODL: mtklefap – {648D2522–0FEA–413B–C480–99356CE4FA01} – C:\WINDOWS\System32\vykc32.dll (file missing)
O21 – SSODL: SysTray.Exsl – {6368D5FC–6F5C–4f5b–B164–E67214F67859} – C:\WINDOWS\System32\maneqhmd.dll
O21 – SSODL: SysTray.Exsh – {1768ECFC–4F5C–4f5b–B134–D67294FC78E9} – C:\WINDOWS\System32\gbjbqmfa.dll
I jako podejrzane te wpisy nibymyszy teź bym się pozbył.
C:\WINDOWS\System32\optmouse.exe
C:\WINDOWS\System32\priva.exe
O4 – HKLM\..\Run: [OPTMOUSEMOUSE] C:\WINDOWS\System32\optmouse.exe
O4 – HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\priva.exe internat.dll,LoadMouseCarpetProfile
Co log to więcej śmieci.
Tempy wyczyszczone ?
Przywracanie wyłączone ?
Ten Avast to nie przypadkiem tylko niezarejestrowane demo ?
Nie widze źadnego firewalla.
Czy nikogo tutaj nie ma...prosze o pomoc..moze ktos wie co mam usunąć...bo usuwam wirusy, ale wracają...widocznie mam cos jeszcze do usunięcia..kto pomoze...?
Strona 1 / 1