kolacz17
(Jar3k Kolacz)
15 March 2007 16:00
#1
So, my browsers Firefox and Internet Explorer don't work; I haven't checked any others.
But instant messengers, e.g. GG, and games work fine over the net… the browsers don't see an Internet connection… I contacted my Internet provider and he said all my ports are unblocked… please check my HijackThis log.
P.S. I'm writing this from Linux.
Logfile of HijackThis v1.99.1
Scan saved at 16:41:58, on 2007-03-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jar3k\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = £¹cza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM…\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Gadu-Gadu] “D:\Program Files\Gadu-Gadu\gg.exe” /tray
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab
O17 - HKLM\System\CCS\Services\Tcpip…{5D3AA090-93AD-41E5-A1D5-31F8D8331138}: NameServer = 85.255.114.55,85.255.112.21
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.55 85.255.112.21
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.114.55 85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.55 85.255.112.21
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
adam9870
(adam9870)
15 March 2007 16:09
#2
O17 - HKLM\System\CCS\Services\Tcpip…{5D3AA090-93AD-41E5-A1D5-31F8D8331138}: NameServer = 85.255.114.55,85.255.112.21
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.55 85.255.112.21
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.114.55 85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.55 85.255.112.21
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
Remove these entries with HJT.
Use the FixWareOut tool.
When done, post a new log from HijackThis and SilentRunners, plus the contents of the file c:\fixwareout\report.txt
kolacz17
(Jar3k Kolacz)
15 March 2007 17:44
#3
So I removed the entries in HijackThis, but it didn't help at all ;/ Unfortunately I can't use that tool, because I'm using a Linux live CD and can't save anything to disk ;/ And I can't paste a Silent Runners log either, because I don't have it on disk and, as I mentioned earlier, I can't download anything either ;/ Help me :mrgreen:
adam9870
(adam9870)
15 March 2007 19:47
#4
Can't you boot Windows, do what needs to be done there, save the logs somewhere, and then just send those logs to the forum from Linux?