logo elektroda
logo elektroda
X
logo elektroda
REKLAMA
REKLAMA
Adblock/uBlockOrigin/AdGuard mogą powodować znikanie niektórych postów z powodu nowej reguły.

Prosze o sprawdzenie loga

donkaroluss 20 Cze 2005 16:13 1408 2
REKLAMA
  • #1 1592856
    donkaroluss
    Poziom 12  
    Logfile of HijackThis v1.99.1
    Scan saved at 15:19:00, on 20.06.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    C:\Programme\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
    C:\Programme\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
    C:\Programme\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\Programme\Pinnacle\Shared Files\remoterm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Programme\MouseWare\MouseWare\System\Em_exec.exe
    C:\Programme\Skype\Phone\Skype.exe
    C:\Programme\Messenger\msmsgs.exe
    K:\Programy\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1031
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
    O4 - HKLM\..\Run: [CorelDRAW ESSENTIALS14] C:\Programme\Corel\CorelDRAW ESSENTIALS 2\Register\Registration.exe /title="CorelDRAW ESSENTIALS" /date=062905 serial=ES02WBG-0090091-CML
    O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AcctMgr] C:\Programme\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [PinnacleRemote] C:\Programme\Pinnacle\Shared Files\remoterm.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\RunServices: [Media Player] C:\Programme\Windows Media Player\wmplayer.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [InstantTray] C:\Programme\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    O4 - HKCU\..\Run: [System Startup] voltio.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: aiumkryumsma (yipptvwp5) - Unknown owner - C:\WINDOWS\system32\vkwemomq5.exe (file missing)
  • REKLAMA
  • Pomocny post
    #2 1593008
    Kolobos
    Spec od komputerów
    Usun to:
    O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
    O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
    O4 - HKCU\..\Run: [System Startup] voltio.exe
    O23 - Service: aiumkryumsma (yipptvwp5) - Unknown owner - C:\WINDOWS\system32\vkwemomq5.exe (file missing)

    Usun z dysku:
    C:\windows\system32\voltio.exe

    Przeskanuj tez tym:
    http://download.microsoft.com/download/8/1/5/...-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe

    Co do tego to nie wiem:
    O4 - HKLM\..\RunServices: [Media Player] C:\Programme\Windows Media Player\wmplayer.exe

    Sprawdz go tym:
    http://virusscan.jotti.org/

    Niby w tym katalogu powinien byc Media Player ale po co startuje przy starcie systemu?
    Wyglada to na tego trojana:
    http://www.sophos.com/virusinfo/analyses/trojpsymebp.html
  • #3 1593256
    donkaroluss
    Poziom 12  
    Kolobos. Wielkie dzieki (tak po cichu liczylem na Twoja pomoc - punkciki znowu dla Ciebie)!
    Sprawdzilem tego wmplayer.exe i jest czysty. Przeskanowalem go na tej stronce co mi podales i "status-OK". Przelecialem MicrosoftAntiSpyware i nic, jezeli chodzi o tem konkretny plik. Sprawdzilem tez w msconfig i plik ten nie jest odhaczony, czyli nie powinien sie ladowac. A wiec nie wiem czemu sie laduje przy starcie. Pozdrawiam!!! I jeszcze raz Dzieki!
REKLAMA