HijackThis log?


offline
  • Joined: 02 Aug 2011
  • Posts: 26
  • Location: Stradija

Hello, this is my first time on this forum, so don't hold it against me if you see that I don't know something that perhaps ought to be known; I'm not very knowledgeable. :) Anyway, my computer has been freezing lately: running programs stall, the whole screen locks up and I can't move windows for several seconds, and so on. On top of that I've had problems logging in to Gmail, for example, and opening some websites, and intensively so over the past couple of weeks. Wandering around Google I came across, among other things, the program HijackThis, and scanned the computer with it, so I'd like to know how I can post the log here, and whether someone can interpret it for me? Thanks in advance, Marija

offline
  • Fil  Male
  • Legendary citizen
  • Joined: 11 Jun 2009
  • Posts: 16586

Hello, Marija

For malware analysis you need to post certain reports (logs), following these instructions:
[Link visible only to logged-in users]

offline
  • Joined: 02 Aug 2011
  • Posts: 26
  • Location: Stradija

Posted: 02 Aug 2011 1:28

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24
Run by PC at 1:24:39 on 2011-08-02
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1791.857 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = [Link visible only to logged-in users]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [Link visible only to logged-in users]
uSearchURL,(Default) = [Link visible only to logged-in users]
mSearchAssistant = about:blank
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} -
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} -
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No File
TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} -
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} -
TB: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB: Softonic Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
TB: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No File
TB: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - No File
uRun: [POP Peeper] "c:\program files\pop peeper\POPPeeper.exe" -min
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\pc\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
IE: &Download All using 4shared Desktop - c:\program files\4shared desktop\down_all.htm
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - [Link visible only to logged-in users]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [Link visible only to logged-in users]
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - [Link visible only to logged-in users]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link visible only to logged-in users]
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - [Link visible only to logged-in users]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link visible only to logged-in users]
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{121745F9-595B-491C-B7CF-45DBC2165C7C} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll c:\progra~1\bandoo\bndhook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 178.21.113.74 [Link visible only to logged-in users]
.
============= SERVICES / DRIVERS ===============
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-1-19 277544]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-9-30 1051968]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 554344]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 211432]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-8-7 1358720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FlexService;Remote Connections Service;"c:\program files\rapidbit\cisvc.exe" --> c:\program files\rapidbit\cisvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-15 136176]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-8-23 3584]
S2 StarWindServiceAE;StarWind AE Service;d:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe --> d:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [?]
S2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\airytec\switch off\swoff.exe -service --> c:\program files\airytec\switch off\swoff.exe -service [?]
S2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\airytec\switch off\swoff.exe -service --> c:\program files\airytec\switch off\swoff.exe -service [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-01 22:19:39 388096 ----a-r- c:\documents and settings\pc\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-01 22:19:38 -------- d-----w- c:\program files\Trend Micro
2011-08-01 16:05:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-01 01:16:24 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2011-08-01 01:16:20 -------- d-----w- c:\program files\Security Task Manager
2011-07-31 23:31:07 -------- d-----w- c:\documents and settings\pc\application data\POP Peeper
2011-07-31 21:11:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-31 21:11:50 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-07-31 20:46:03 81920 ---ha-w- c:\windows\system32\v3shrtkgn.dll
2011-07-28 18:02:49 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-07-28 02:14:21 -------- d-----w- c:\documents and settings\pc\application data\XemiComputers
2011-07-28 02:14:03 -------- d-----w- c:\program files\XemiComputers
2011-07-27 23:41:01 -------- d-----w- c:\program files\TGTSoft
2011-07-27 23:32:19 -------- d-----w- c:\program files\Transparent TaskBar
2011-07-27 14:32:47 -------- d-----w- c:\program files\RocketDock
2011-07-27 12:16:22 -------- d-----w- c:\documents and settings\pc\application data\URSoft
2011-07-27 12:16:13 -------- d-----w- c:\program files\Your Uninstaller! 7
2011-07-26 01:28:57 -------- d-----w- c:\documents and settings\pc\local settings\application data\Clock_22
2011-07-25 22:29:51 -------- d-----w- c:\documents and settings\all users\application data\YouTube Downloader
2011-07-13 13:13:25 -------- d-----w- c:\program files\Winamp Detect
2011-07-09 11:38:39 -------- d-----w- c:\documents and settings\pc\application data\FOG Downloader
2011-07-08 11:40:12 14048 ------w- c:\windows\system32\spmsg2.dll
2011-07-08 10:40:16 -------- d-----w- c:\program files\Cheat Engine 6.1
2011-07-07 21:38:53 -------- d-----w- c:\documents and settings\pc\application data\.minecraft
.
==================== Find3M ====================
.
2011-07-06 17:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-26 22:03:08 43602 ----a-w- c:\windows\system32\xvid-uninstall.exe
.
============= FINISH: 1:25:01,67 ===============

[Link visible only to logged-in users]

Update: 02 Aug 2011 1:29

I hope I did it right; don't hold it against me if I didn't quite manage. :)
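As an added example for this thread (not part of the original post, and not code from DDS, HijackThis or any other tool named above): a small Python triage script that applies the kinds of checks an analyst runs by eye over a DDS "Pseudo HJT Report", its services list and its "Created Last 30" section. The rules are generic heuristics (AppInit_DLLs injection, hosts-file overrides, orphaned browser add-ons, a service whose binary is a stock Windows utility or could not be found, a hidden or random-named binary dropped into system32); they do not identify any particular malware. The sample input is a constructed excerpt of lines copied from the log above, and the rule names, severity labels and the `looks_random` threshold are my own choices.

```python
"""Triage heuristics for a DDS log (Pseudo HJT Report, services, created files).

Added example: not the forum's or DDS's code. Rules are generic analyst
heuristics with hand-picked names, severities and thresholds.
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (severity, rule, offending log line)

# Stock Windows utilities that are never a legitimate service binary
# (svchost.exe is deliberately absent: it is the normal service host).
STOCK_TOOLS = {"regedt32.exe", "regedit.exe", "cmd.exe", "rundll32.exe"}

BROWSER_PREFIXES = ("TB:", "BHO:", "EB:", "uURLSearchHooks:", "mURLSearchHooks:")
SERVICE_RE = re.compile(r"^[RS][0-4]\s+([^;]+);([^;]*);(.*)$")
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(?:\d+|-+)\s+([a-z-]{8})\s+(.+)$"
)
VOWELS = set("aeiouy")

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
uStart Page = [Link visible only to logged-in users]
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} -
TB: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
uURLSearchHooks: H - No File
AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll c:\progra~1\bandoo\bndhook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
S2 FlexService;Remote Connections Service;"c:\program files\rapidbit\cisvc.exe" --> c:\program files\rapidbit\cisvc.exe [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-8-23 3584]
2011-07-31 20:46:03 81920 ---ha-w- c:\windows\system32\v3shrtkgn.dll
2011-07-06 17:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
"""


def looks_random(filename: str) -> bool:
    """Heuristic: a stem of 7+ characters with no vowel at all is probably generated."""
    stem = filename.rsplit(".", 1)[0].lower()
    return len(stem) >= 7 and not (set(stem) & VOWELS)


def service_exe(path_field: str) -> str:
    """Bare executable name from a DDS service path field.

    DDS writes either `path [date size]` or `"path" --> path [?]` when it
    could not stat the file; in both forms the last path is the real one.
    """
    p = path_field.split(" [")[0]
    if "-->" in p:
        p = p.split("-->")[-1]
    tail = p.strip().strip('"').rsplit("\\", 1)[-1].split()
    return tail[0].lower() if tail else ""


def triage_line(line: str) -> List[Finding]:
    """Apply every heuristic to one log line."""
    out: List[Finding] = []
    s = line.strip()
    if not s:
        return out

    # AppInit_DLLs load into every process that maps user32.dll, so any
    # non-empty value deserves a look regardless of the vendor behind it.
    if s.startswith("AppInit_DLLs:") and s[len("AppInit_DLLs:"):].strip():
        out.append(("high", "appinit_dll_injection", s))

    # A hosts entry aiming a third-party name at localhost blocks that site;
    # doing it to a security site is a classic way to hinder cleanup.
    if s.startswith("Hosts:"):
        fields = s.split()
        blocked = len(fields) > 1 and fields[1] in ("127.0.0.1", "0.0.0.0")
        out.append(("high" if blocked else "medium", "hosts_override", s))

    # Browser add-ons: "No File" is an orphaned registry entry (clutter);
    # an empty path field means DDS could not resolve the DLL behind it.
    if s.startswith(BROWSER_PREFIXES):
        if s.endswith("- No File"):
            out.append(("low", "orphaned_browser_addon", s))
        elif s.endswith(" -"):
            out.append(("medium", "browser_addon_without_path", s))

    m = SERVICE_RE.match(s)
    if m:
        path_field = m.group(3)
        if "[?]" in path_field:
            out.append(("medium", "service_binary_not_found", s))
        if service_exe(path_field) in STOCK_TOOLS:
            out.append(("high", "service_runs_stock_windows_tool", s))

    m = CREATED_RE.match(s)
    if m:
        attrs, path = m.groups()
        fname = path.rsplit("\\", 1)[-1]
        if "\\system32\\" in path.lower() and fname.lower().endswith((".dll", ".exe", ".sys")):
            if "h" in attrs:  # hidden attribute on a freshly created binary
                out.append(("high", "hidden_binary_in_system32", s))
            elif looks_random(fname):
                out.append(("medium", "random_name_binary_in_system32", s))
    return out


def triage(log_text: str) -> List[Finding]:
    """Run the heuristics over a whole log, keeping the log's line order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line))
    return findings


if __name__ == "__main__":
    for sev, rule, text in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {rule:32} {text}")
```

Run it on the full DDS text instead of `SAMPLE_LOG` to see every hit. The point of the "stock Windows tool" rule is worth spelling out: a service whose display name says it belongs to an antivirus product but whose binary is `regedt32.exe` is, whatever put it there, not something the antivirus vendor ships, and the vowel-free hidden DLL in system32 is exactly the kind of file the rootkit scanners the helper asked for (GMER, RootRepeal, Rootkit Unhooker) exist to look at more closely. The heuristics are deliberately noisy: expect false positives on short legitimate names, and treat every hit as a question for the analyst rather than a verdict.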

offline
  • Fil  Male
  • Legendary citizen
  • Joined: 11 Jun 2009
  • Posts: 16586

Read the instructions carefully, step by step. You posted the DDS and Attach logs correctly. You are missing the GMER logs (3 GMER reports), or a RootRepeal report if GMER cannot be run or does not run stably.

Just take it slowly and patiently. :)

offline
  • Joined: 02 Aug 2011
  • Posts: 26
  • Location: Stradija

Posted: 02 Aug 2011 1:55

I tried scanning the computer with GMER and the computer restarted. Is that normal? I'll try with RootRepeal now and see what happens... Thanks for your patience. :)

Update: 02 Aug 2011 13:17

After the computer restarted in the middle of the GMER scan, I tried scanning it with RootRepeal. The scan went on for hours with no sign that it would ever finish. Then at one point everything froze; I tried to restart it manually and it wouldn't, and it wouldn't shut down from the button on the case either, so I had to pull the power cord. After powering it on I tried scanning again, and then the computer froze again. I don't know what to do with it now?

offline
  • Fil  Male
  • Legendary citizen
  • Joined: 11 Jun 2009
  • Posts: 16586

We'll try one more program :)


Download Rootkit Unhooker to the Desktop.

Double-click to launch the program;

select the Report tab;

click Scan and, in the window that opens, tick the items:

SSDT
Shadow SSDT
Processes
Drivers
Stealth Code
Files
Code Hooks

click OK and wait for the scan to finish.


When the scan is finished, click File > Save Report and save the report.

Attach the Rootkit Unhooker report to your post using the Attach file option.

offline
  • Joined: 02 Aug 2011
  • Posts: 26
  • Location: Stradija

I really appreciate the help, but I realised my computer was cluttered with all sorts of stuff and I don't have the patience to clean it, so I installed a (legal) Windows 7, and now I have a clean, half-empty computer. Sorry I didn't have the patience to work through the case here in the Ambulanta; I'm sure you would have helped me. :)
Thanks for everything, bye

offline
  • Fil  Male
  • Legendary citizen
  • Joined: 11 Jun 2009
  • Posts: 16586

Thank you for trusting us :)



Here are some recommendations for keeping your system protected:


→ I recommend using MCShield to protect USB memory devices.

You can download the program from this link. After installation, plug in your USB memory devices and they will be scanned. At the end of the scan you will get a report that the device is clean, or a notice about malware that was removed.


→ Don't install pirated antivirus programs. There are free versions, which need to be updated regularly. Also, keep the Firewall turned on.


Regards
