Request to check HijackThis logs


(Idek28) #1

Hello,

Would the esteemed forum members take a look at a HijackThis log?

My computer has slowed down recently and I think something can be found in the log.

LOG: http://wklej.org/id/595805/

Regards


(Agatonster) #2

volcanoo,

Please read the topic rules and correct the title to a specific one that describes the problem, and describe the problem precisely in the post. To make the required correction, please use the Edit button on the post that opens this topic.

Ignoring this recommendation will result in the topic being moved to the Trash.


(Idek28) #3

I've written a new post; this topic can be deleted.


(Daniello0569) #4

Hello,

I'm asking for help repairing the system. For some time now, on my daughter's laptop running XP, the Control Panel has disappeared. On all accounts, including the administrator account, a message appears saying there are no permissions even to display the computer's properties. System Restore after booting in safe mode did not help. My daughter often uses various social networking sites and probably picked up some virus, because she forgot about the antivirus (AVIRA) and did not update it. The firewall is Comodo. I know the topic has been raised many times, but I'm writing here with a request to check the HIJACKTHIS logs. Thank you in advance, and please give exact instructions on what to do and how.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:02:16, on 2011-09-21

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

D:\Program Files\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Stardock\MyColors\wbload.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

D:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

c:\program files\avira\antivir desktop\avcenter.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Documents and Settings\Komputer domowy\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gazeta.pl/0,0.html?p=108

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.alot.com/sidebar?pr=asst& ... T18:13:16Z

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.com/web?q=&pr=auto&c ... .5.18000.3

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\alot.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll

O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')

O4 - .DEFAULT User Startup: IconPackager.lnk = C:\Program Files\Stardock\MyColors\IconPackager.exe (User 'Default user')

O4 - .DEFAULT User Startup: Think Green Weather.lnk = C:\Program Files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe (User 'Default user')

O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip..{A0000B79-6C9D-457E-B42D-94FBDC1F6098}: NameServer = 156.154.70.25,156.154.71.25

O17 - HKLM\System\CCS\Services\Tcpip..{ADEA1E38-AE32-483C-AD0C-B4328F9FA8F7}: NameServer = 89.108.195.20 217.17.34.10

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\bin\jqs.exe

O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem02.exe

--

End of file - 6219 bytes

-- Added 21.09.2011 (Wed) 21:14 --

I'm also pasting the F-Secure report:

Scanning Report

Wednesday, September 21, 2011 20:36:48 - 21:12:58

Computer name: HP-87E0F730FDB8

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\ D:\

5 malware found

Suspicious:W32/Malware!Gemini (spyware)

System (Disinfected)

TrackingCookie.Doubleclick (spyware)

System (Disinfected)

Trojan.Generic.KDV (spyware)

System (Disinfected)

Suspicious:W32/Malware!Gemini (virus)

C:\PROGRAM FILES\KOPRIN\RODOS_PK 2010\POMOC\POMOC.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\PROGRAM FILES\JOWOOD\GOTHIC II ZŁOTA EDYCJA\SYSTEM\GOTHIC2.EXE (Not cleaned)

Statistics

Scanned:

Files: 31589

System: 4352

Not scanned: 11

Actions:

Disinfected: 3

Renamed: 0

Deleted: 0

Not cleaned: 2

Submitted: 1

Files not scanned:

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\RECYCLER\S-1-5-21-861567501-562591055-725345543-500\DC1.EXE

C:\RECYCLER\S-1-5-21-861567501-562591055-725345543-500\DC3.EXE

C:\DOCUMENTS AND SETTINGS\KOMPUTER DOMOWY\USTAWIENIA LOKALNE\TEMP\HSPERFDATA_KOMPUTER DOMOWY\2872

C:\DOCUMENTS AND SETTINGS\KOMPUTER DOMOWY\USTAWIENIA LOKALNE\TEMP\HSPERFDATA_KOMPUTER DOMOWY\3524

C:\DOCUMENTS AND SETTINGS\JUSTYNA\DANE APLIKACJI\SUN\JAVA\DEPLOYMENT\CACHE\6.0\7\143B51C7-50136A8D

Options

Scanning engines:

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

Use advanced heuristics

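As an added triage example (not from the forum post, HijackThis, or F-Secure), the script below walks HijackThis log lines and picks out the entries a reviewer should look at first: orphaned hooks pointing at missing files, the O6 Internet Explorer restriction policy (worth confirming on a machine whose owner reports "no permission" errors), O17 DNS servers that are not on the reviewer's expected list, the O20 AppInit_DLLs injection point, and O2/O3 browser add-ons outside directories the reviewer trusts. The sample log is a few lines copied from the post above; the expected-resolver and trusted-directory lists are assumptions supplied by whoever runs it.

```python
import re
from typing import Iterable, List, Tuple

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O17 - HKLM\System\CCS\Services\Tcpip..{ADEA1E38-AE32-483C-AD0C-B4328F9FA8F7}: NameServer = 89.108.195.20 217.17.34.10
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
"""

Finding = Tuple[str, str, str]          # (section, reason, original line)
LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def triage(log_text: str, expected_dns: Iterable[str] = (),
           trusted_dirs: Iterable[str] = ()) -> List[Finding]:
    """Flag log lines a reviewer should look at first (both lists are reviewer-supplied assumptions)."""
    expected = set(expected_dns)
    trusted = tuple(d.lower() for d in trusted_dirs)
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # header, process list, blank line
        section, body = m.groups()
        if "(no file)" in body:           # registry still points at a DLL that is gone
            findings.append((section, "orphaned entry, file missing; safe to clean up", raw))
        elif section == "O6":             # IE options locked by a Policies key
            findings.append((section, "IE restriction policy set; confirm an admin did it", raw))
        elif section == "O17":            # per-adapter DNS servers
            odd = [ip for ip in IP_RE.findall(body) if ip not in expected]
            if odd:
                findings.append((section, "DNS servers not on expected list: " + " ".join(odd), raw))
        elif section == "O20":            # AppInit_DLLs is loaded into every GUI process
            path = body.split(":", 1)[1].strip().lower()
            if not path.startswith(trusted):
                findings.append((section, "AppInit_DLLs injection point outside trusted dirs", raw))
        elif section in ("O2", "O3"):     # browser helper objects and toolbars
            path = body.rsplit(" - ", 1)[1].strip().lower()
            if not path.startswith(trusted):
                findings.append((section, "browser add-on outside trusted dirs", raw))
    return findings

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

With empty lists everything except the R0 line is reported; passing the resolvers and vendor directories you have verified narrows the output to what still needs a decision.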