Problem with viruses - HJT log
Strange things have been happening with my computer lately ... the internet has slowed down a lot, and on top of that my Avast goes crazy at system startup: for 3 minutes an infection alert keeps popping up ... admittedly I don't have the virus names at hand right now, but I do have an HJT log, so I would ask you to check it and give any suggestions
Regards
Logfile of HijackThis v1.99.1
Scan saved at 08:26:51, on 2005–12–30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\sachostx.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\sysc.exe
C:\WINDOWS\system32\sachostc.exe
C:\WINDOWS\system32\sachostb.exe
C:\WINDOWS\system32\sachosts.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Pulpit\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.actina.pl
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [BatSrv] C:\WINDOWS\batserv2.exe
O4 – HKLM\..\Run: [HostSrv] C:\WINDOWS\sachostx.exe
O4 – HKLM\..\Run: [Microsoft Office] C:\WINDOWS\system32\msvcp.exe
O4 – HKLM\..\RunServices: [Microsoft Office] osa.exe
O4 – HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels64.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\system32\msjava.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\system32\msjava.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 – IERESET.INF: START_PAGE_URL=www.actina.pl
O16 – DPF: {17492023–C23A–453E–A040–C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120550127637
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {A3009861–330C–4E10–822B–39D16EC8829D} (CRAVOnline Object) – http://www.rav.ro/scan/ravonline.cab
O20 – Winlogon Notify: igfxcui – C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: iPodService – Unknown owner – C:\Program Files\iPod\bin\iPodService.exe (file missing)
Replies: 3
Sure, that has to be removed. And I didn't mark them because the beginning of the list is processes, which first have to be killed in Task Manager.
Hello
Can I safely remove the bolded entries, or all of the listed ones? Because, as I recall, the entries:
C:\WINDOWS\system32\sachostc.exe
C:\WINDOWS\system32\sachostb.exe
C:\WINDOWS\system32\sachosts.exe
were flagged by my AV program as infected
It goes crazy because it has reasons, and the reason is a heap of vermin.
C:\WINDOWS\sachostx.exe
C:\WINDOWS\system32\sysc.exe
C:\WINDOWS\system32\sachostc.exe
C:\WINDOWS\system32\sachostb.exe
C:\WINDOWS\system32\sachosts.exe
O4 – HKLM\..\Run: [BatSrv] C:\WINDOWS\batserv2.exe
O4 – HKLM\..\Run: [HostSrv] C:\WINDOWS\sachostx.exe
O4 – HKLM\..\Run: [Microsoft Office] C:\WINDOWS\system32\msvcp.exe
O4 – HKLM\..\RunServices: [Microsoft Office] osa.exe
O4 – HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels64.exe