kontrola logu

[BEnY]

Ahoj dostal se mi do ruky pravdepodobne dost zavirovany stroj. OS je legalni, ale stary, bohuzel musim pocitac zprovoznit protoze tu je jediny co ma jeste COM port. Zatim sem nainstaloval Avast, Comodo a vycistil CCleanerem (uz Avast toho dost odstranil). Nize tedy prikladam log z HiJackThis a dekuji za rady.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:14:51 PM, on 24/06/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\COMODO\launcher_service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\User\Local Settings\Application Data\ShieldPlus\spprt\spsvc.exe
C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\User\Application Data\VOPackage\VOsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedadssvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\Optimizer Pro\OptProReminder.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files\Comodo\GeekBuddy\unit.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.yahoo.com/yhs/search? ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Greener Web - {1973d53b-7311-45d7-8270-f44571c041a0} - C:\Program Files\Greener Web\17EF4825-A84D-4566-9C99-E59DEB624502.dll
O2 - BHO: BlockAndSurf - {6FE4EECC-66BE-A414-BB4B-AB1302C02959} - C:\Program Files\-BlockAndSurfS\174.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: BlockAndSurf - {D3EF7DD7-D040-0965-D2C3-A0ECE64E7E98} - C:\Program Files\BlockAndSurfS\173.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: PrivDogExtension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll
O3 - Toolbar: (no name) - {3004627E-F8E9-4E8B-909D-316753CBA923} - (no file)
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [PrivDogService] "C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedadssvc.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe
O4 - S-1-5-18 Startup: lollipop.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: lollipop.lnk = ? (User 'Default user')
O4 - Startup: lollipop.lnk = ?
O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files\Comodo\GeekBuddy\launcher.exe
O9 - Extra button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{603DA493-1057-44B8-B6AF-364AA973EC38}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{913B4C9E-9501-411C-B44D-E64B9F212EBA}: NameServer = 156.154.70.22,156.154.71.22
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions, Inc. - C:\Program Files\Common Files\COMODO\launcher_service.exe
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: GeekBuddyRSP Server (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: SaveSenseLive Service (savesenselive) (savesenselive) - SaveSense - C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe
O23 - Service: SaveSenseLive Service (savesenselivem) (savesenselivem) - SaveSense - C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe
O23 - Service: ShieldPlusService (Service) - Shield Plus - C:\Documents and Settings\User\Local Settings\Application Data\ShieldPlus\spprt\spsvc.exe
O23 - Service: Update Greener Web - Unknown owner - C:\Program Files\Greener Web\updateGreenerWeb.exe
O23 - Service: Util Greener Web - Unknown owner - C:\Program Files\Greener Web\bin\utilGreenerWeb.exe
O23 - Service: Service Component of VO (VOsrv) - Unknown owner - C:\Documents and Settings\User\Application Data\VOPackage\VOsrv.exe

--
End of file - 8351 bytes

[vyosek]

Zdravim

To mate nejaky pracovni\firemni stroj??

Nahore je takovej veeeelkej oranzovej obdelnik, zkuste si jej precist

HJT uz je nekolik let nedostatecny...

[BEnY]

take zdravim

ano pocitac je firemni
jsem tu ve firme novy a dostal jsem za ukol rozbehnout stary stroj na rezani desek (na tom nezalezi) dulezite je ze funguje jen s timto pocitacem.

Za HiJack se omlouvam naposledy jsem tu neco resil prave pred lety tak sem ted automaticky nahodil log tak jak sem byl nauceny.

Nicmene bohuzel ani jeden novy program na log mi nefunguje. Viz obrazky
https://drive.google.com/file/d/0B5f_Z8 ... sp=sharing
https://drive.google.com/file/d/0B5f_Z8 ... sp=sharing

[vyosek]

Aha, sdilime sice vase problemy, pozadavky vaseho sefa, ale nesdilime uz vasi vyplatni pasku...

Nase forum se nezabyvam firemnimi PC - je to popsano v pravidlech fora

6. Fórum viry.cz se nezabývá odvirováním firemních PC - na toto jsou ve firmách placení (a někdy až hodně nadstandardně) IT technici, případně si je firma může najmout. My jsme tu zdarma a ve svém volném čase, nehodláme dělat práci za někoho jiného, kdo si pak jen slízne smetánku a plat. Taktéž ani neposkytujeme poradenství v oblasti zabezpečení firemních sítí či nastavení firemních sítí. Zkrátka a jednoduše, naše fórum poskytuje podporu pouze domácím uživatelům.

Pokud chcete, muzete vyuzit nasi placene podpory www.neslape.cz

[BEnY]

Nase firma o trech lidech je sice spis takova domacnost ale chapu vas...

[vyosek]

Pokud chcete, na placene podpore se urcite domluvime na nejake rozumne cene...Zde bohuzel, naklady na servis si muzete dat do nakladu na podnikani

Diky za pochopeni, v pripade dotazu mi napiste mail