Mitarashi Napisano 2 Czerwca 2011 Zgłoś Napisano 2 Czerwca 2011 (edytowane) Odrazu zaczne od logu z HijackThis Logfile of Trend Micro HijackThis v2.0.2Scan saved at 21:26:58, on 2011-06-02Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Application Updater\ApplicationUpdater.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\ESET\ESET Smart Security\ekrn.exeC:\Program Files\Gigabyte\EasySaver\ESSVR.EXEC:\Program Files\Avira\AntiVir Desktop\avshadow.exeC:\Program Files\LogMeIn Hamachi\hamachi-2.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\PnkBstrA.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\wbem\wmiapsrv.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Winamp\winampa.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Vtune\TBPanel.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\uTorrent\uTorrent.exeC:\Documents and Settings\Admin\Moje dokumenty\Menu Start\Programy\Autostart\WinSvc.exeC:\WINDOWS\system32\WISPTIS.EXEC:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url=http://search.conduit.com?SearchSource=10&ctid=CT2508618]http://search.conduit.com?SearchSource=10&ctid=CT2508618[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url=http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=]http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=[/url]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url=http://www.bigseekpro.com/hypercam/{B7F18299-9B94-4140-87A3-73E95F8359DE}]Homepage[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [url=http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=]http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=[/url]R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url=http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s]http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s[/url]R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaR3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.4\iobitToolbarIE.dllR3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dllR3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dllR3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dllR3 - URLSearchHook: Soft32 Toolbar - {d1fce654-5fd1-48ad-b13c-5064736120b7} - C:\Program Files\Soft32\prxtbSoft.dllR3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi0.dllR3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dllR3 - URLSearchHook: Bflix1 Toolbar - {3d8ff719-f23c-4130-bde1-61ed2cc017b0} - C:\Program Files\Bflix1\prxtbBfl0.dllR3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dllR3 - URLSearchHook: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH0.dllR3 - URLSearchHook: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)R3 - URLSearchHook: (no name) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - (no file)O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.4\iobitToolbarIE.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dllO2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dllO2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dllO2 - BHO: NCH EN - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH0.dllO2 - BHO: Bflix1 - {3d8ff719-f23c-4130-bde1-61ed2cc017b0} - C:\Program Files\Bflix1\prxtbBfl0.dllO2 - BHO: XfireXO - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi0.dllO2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.4\bh\facemoods.dllO2 - BHO: Little Fighter 2 Toolbar Helper - {AB41010D-4804-4793-A6A2-3B5EBE2348DD} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll (file missing)O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dllO2 - BHO: softonic-de3 - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dllO2 - BHO: Soft32 - {d1fce654-5fd1-48ad-b13c-5064736120b7} - C:\Program Files\Soft32\prxtbSoft.dllO2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dllO3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dllO3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dllO3 - Toolbar: Little Fighter 2 Toolbar - {C11483F7-D7D8-4804-98D8-6055470BB989} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll (file missing)O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dllO3 - Toolbar: Soft32 Toolbar - {d1fce654-5fd1-48ad-b13c-5064736120b7} - C:\Program Files\Soft32\prxtbSoft.dllO3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi0.dllO3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dllO3 - Toolbar: Bflix1 Toolbar - {3d8ff719-f23c-4130-bde1-61ed2cc017b0} - C:\Program Files\Bflix1\prxtbBfl0.dllO3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dllO3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.4\facemoodsTlbr.dllO3 - Toolbar: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH0.dllO3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.4\iobitToolbarIE.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\No1 Video Converter\msdxm.ocxO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"O4 - HKLM\..\Run: [WinDefender] C:\WINDOWS\Wincft.exeO4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.4\facemoodssrv.exe" /md IO4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /minO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-startO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /AO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [IECheck] C:\WINDOWS\IECheck.exeO4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -hO4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"O4 - HKCU\..\Run: [Fraps] C:\CALYFRAPS\FRAPS.EXEO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Startup: WinSvc.exeO8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.htmlO9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO17 - HKLM\System\CCS\Services\Tcpip\..\{2E366060-821D-413B-99C1-7CA394D717D5}: NameServer = 192.168.2.254,192.204.152.34O17 - HKLM\System\CS1\Services\Tcpip\..\{2E366060-821D-413B-99C1-7CA394D717D5}: NameServer = 192.168.2.254,192.204.152.34O17 - HKLM\System\CS2\Services\Tcpip\..\{2E366060-821D-413B-99C1-7CA394D717D5}: NameServer = 192.168.2.254,192.204.152.34O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exeO23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exeO23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exeO23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exeO23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exeO23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXEO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe--End of file - 15369 bytes Nazwa Wirusa: Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'E:\System Volume Information\_restore{43FE2F6B-0B33-43ED-A78E-0219E2DC7361}\RP78\A0061016.dll. Action performed: Deny access Nazwa Wirusa: Virus or unwanted program 'TR/Dropper.Gen [trojan]' detected in file 'D:\System Volume Information\_restore{43FE2F6B-0B33-43ED-A78E-0219E2DC7361}\RP74\A0054678.exe. Action performed: Deny access Wykrył: Avira Anty Vir Proszę o pomoc! przez niego niekiedy tracę internet! gdy coś jeszcze podaj jakiś inny log to pisać! Edytowane 2 Czerwca 2011 przez Mitarashi Cytuj Udostępnij tę odpowiedź Odnośnik do odpowiedzi Udostępnij na innych stronach More sharing options...
Kolobos Napisano 4 Czerwca 2011 Zgłoś Napisano 4 Czerwca 2011 Napisales w zlym dziale, dales bezuzyteczny log, do tego pliki z przywracania nie sa aktywne i nic przez nie nie tracisz. Wylacz na chwile przywracanie systemu to znikna. Zrob skan przy pomocy mbam oraz cureit. Odinstaluj te wszystkie Toolbary, daj oba logi z OTL (na wklej.org i podaj linki). Cytuj Udostępnij tę odpowiedź Odnośnik do odpowiedzi Udostępnij na innych stronach More sharing options...
