Witamy na forum PC Format Zapraszamy do REJESTRACJI


Użytkownicy przeglądający ten wątek: 1 gości

[LOG] Hijack This

#1
[LOG] Hijack This
Witam!
Bardzo prosił bym o sprawdzenie loga , dziękuje : )


Kod:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:47:31, on 2011-05-31
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
H:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
H:\Program Files (x86)\Steam\Steam.exe
H:\Program Files (x86)\Nowe Gadu-Gadu\gg.exe
H:\Users\Piotrek\Bluebirds\BlueBirds.exe
H:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
H:\Program Files (x86)\SpeedFan\speedfan.exe
H:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
H:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
H:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
H:\Windows\SysWOW64\CtHelper.exe
H:\Program Files (x86)\Nowe Gadu-Gadu\spellchecker_gg.exe
H:\Program Files (x86)\Opera\opera.exe
H:\Program Files (x86)\uTorrent\uTorrent.exe
H:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = H:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - H:\Program Files (x86)\vShare\vshare_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - H:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - H:\Program Files (x86)\vShare\vshare_toolbar.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [avgnt] "H:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Ai Nap] "H:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "H:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "H:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [amd_dc_opt] H:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [StartCCC] "H:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "H:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [Sidebar] H:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "H:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "H:\Program Files (x86)\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [bluebirds] H:\Users\Piotrek\Bluebirds\BlueBirds.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')
O4 - Startup: SpeedFan.lnk = H:\Program Files (x86)\SpeedFan\speedfan.exe
O4 - Global Startup: forteManager.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: @H:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - H:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @H:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @H:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: h:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: h:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package 1) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - H:\Program Files (x86)\vShare\vshare_toolbar.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - H:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - H:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - H:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - H:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - H:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - H:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - H:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - H:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - H:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - H:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - H:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - H:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - H:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - H:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - H:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - H:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - H:\Windows\SysWOW64\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - H:\Windows\SysWOW64\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - H:\Windows\SysWOW64\lktsrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - H:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - H:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - H:\Windows\system32\lsass.exe (file missing)
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - H:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corporation - H:\Windows\SysWOW64\nisvcloc.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - H:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - H:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - H:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - H:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - H:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - H:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - H:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe
O23 - Service: ServiceLayer - Nokia - H:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - H:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - H:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - H:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - H:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - H:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - H:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - H:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - H:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - H:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - H:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - H:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - H:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13013 bytes
 System operacyjny: windows_seven Przeglądarka: opera
#2
RE: [LOG] Hijack This
Zapoznaj się z tym i tym.

Odinstaluj programy do emulacji wirtualnych napędów i usuń sterownik sptd.sys.
Cytat:Systemy 64-bitowe z rodziny Windows - Windows XP i nowsze:
*) OTL
http://forum.pcformat.pl/ComboFix-uzywam...TL-OPISY-t
Pokazujemy dwa pliki - OTL.txt oraz Extras.txt. Zostaną one utworzone w tym samym katalogu, z którego został uruchomiony program OTL.

*) RSIT
http://forum.pcformat.pl/ComboFix-uzywam...TL-OPISY-t
Wystarczy pokazać plik log.txt
Używamy 64-bitowej wersji RSIT:
http://images.malwareremoval.com/random/RSITx64.exe

*) Silent Runners
http://www.silentrunners.org/

*) MBRCheck.exe
http://ad13.geekstogo.com/MBRCheck.exe
Proszę pokazać tylko raport, nie kontynuować leczenia na własną rękę. Raport zostanie zapisany na pulpicie.

*) TDSS Killer:
http://support.kaspersky.com/viruses/sol...=208280684
Podczas skanowania komputera w pierwszym podejściu wybieramy akcję Skip (Pomiń), jeśli zostanie znaleziony podejrzany sterownik.
Wszystkie logi pojedynczo wklej na http://www.wklej.org. Daj link.
[Obrazek: 21687.png][Obrazek: 32603.png]


Interesujesz się informatyką? Chcesz pomóc lub może szukasz pomocy? Dołącz do nas i pomóż rozwijać stronę...
http://www.informatrik.za.pl/ - Portal i forum. Wejdź i sam się przekonaj.
 System operacyjny: windows_seven Przeglądarka: firefox
Programy: Polecane / Nowe / Inne




Podobne wątki ([LOG] Hijack This)
Wątek: Autor Odpowiedzi: Wyświetleń: Ostatni post
  hijack.host elwis_95 2 5913 26.03.2018, 19:16
Ostatni post: ~Anonim
  Samootwierające się strony/reklamy - hijack browser? Larvock 4 4136 01.10.2015, 23:13
Ostatni post: Larvock
  Błąd podczas Tworzenia logu Hijack This johhny95 0 2885 16.03.2015, 15:06
Ostatni post: johhny95

Skocz do:


Wybrane wątki ([LOG] Hijack This)
Wątek: Autor Odpowiedzi: Wyświetleń: Ostatni post
  Samoistne włączanie się strony z grami po starcie systemu. Jurassa 4 4353 18.11.2018 02:02
Ostatni post: Jurassa
  Automatyczne otwieranie się przegladarki po włączeniu komputera No65 3 4241 15.11.2018 23:55
Ostatni post: morderca
Exclamation skróty na pendrivie sendlaksz 10 9173 29.10.2018 22:54
Ostatni post: sendlaksz
  Uciażliwe przejecie kontroli deathman 0 4180 29.10.2018 17:10
Ostatni post: deathman
  Chromium-niemożliwe do usunięcia alicja1956 15 1689 27.10.2018 22:31
Ostatni post: Illidan
  Samoczynnie otwierająca się przeglądarka z reklamami Piker 15 8710 26.10.2018 16:44
Ostatni post: morderca
  Samoczynne otwieranie sie stron z reklamami Waciaty 5 4225 25.10.2018 20:29
Ostatni post: morderca
  ŁĄCZNOŚĆ qwenn1239 2 4039 25.10.2018 14:05
Ostatni post: Officer Crabtree
  Samoistne włączanie się wiersza poleceń po starcie systemu wraz z przeglądarką Jurassa 8 6547 23.10.2018 14:33
Ostatni post: morderca
  Skrót pendriva stevie1 14 8181 14.10.2018 17:40
Ostatni post: stevie1
  Czyszczenie Pliku Wymiany przy zamykaniu komputera Gugi 2 4177 14.10.2018 16:57
Ostatni post: Gugi
  Po aktualizacji Bitdefender blokuje Outlooka eremo 2 4146 11.10.2018 13:11
Ostatni post: eremo
  Nymaim MarcelDuncan 8 5592 04.10.2018 14:46
Ostatni post: MarcelDuncan
  czy defender wystarczy bungar 1 4258 04.10.2018 13:43
Ostatni post: morderca
  Internet mobilny a bezpieczeństwo komputera? sedor 4 6739 02.10.2018 10:15
Ostatni post: Bartosz858