What is this??

Can someone tell me what these processes are?? 124837.exe
i5.exe ????

Here is the LOG as well:

Logfile of HijackThis v1.97.7
Scan saved at 20:04:52, on 2004–12–22
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004APVXDWIN.EXE
C:Program FilesWinampwinampa.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesNorton SystemWorksNorton AntiVirus avapsvc.exe
C:Program FilesNorton SystemWorksNorton UtilitiesNPROTECT.EXE
C:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004pavsrv51.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004PsImSvc.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004AVENGINE.EXE
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004WebProxy.exe
C:Program FilesGadu–Gadugg.exe
C:WINDOWSSystem32systime.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet Optimizeractalert.exe
C:WINDOWSSystem32svchost.exe
C:DownloadsHijackThis.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004avciman.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://213.159.117.134/index.php
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://213.159.117.134/index.php
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://213.159.117.134/index.php
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://213.159.117.134/index.php
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = http://213.159.117.134/index.php
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = http://213.159.117.134/index.php
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O2 – BHO: (no name) – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWS em220.dll
O2 – BHO: IDM Helper – {0055C089–8582–441B–A0BF–17B458C2A3A8} – D:PROGRAMYInternet Download ManagerIDMIECC.dll
O2 – BHO: (no name) – {8F4E5661–F99E–4B3E–8D85–0EA71C0748E4} – C:WINDOWSwsem302.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: (no name) – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – (no file)
O4 – HKLM..Run: [APVXDWIN] "C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004APVXDWIN.EXE" /s
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 – HKLM..Run: [SysTime] C:WINDOWSSystem32systime.exe
O4 – HKLM..Run: [Internet Optimizer] "C:Program FilesInternet Optimizeroptimize.exe"
O4 – HKCU..Run: [SysTime] C:WINDOWSSystem32systime.exe
O8 – Extra context menu item: Download All Links with IDM – D:PROGRAMYInternet Download ManagerIEGetAll.htm
O8 – Extra context menu item: Download with IDM – D:PROGRAMYInternet Download ManagerIEExt.htm
O10 – Unknown file in Winsock LSP: c:program filespanda softwarepanda titanium antivirus 2004pavlsp.dll
O10 – Unknown file in Winsock LSP: c:program filespanda softwarepanda titanium antivirus 2004pavlsp.dll
O10 – Unknown file in Winsock LSP: c:program filespanda softwarepanda titanium antivirus 2004pavlsp.dll
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.iframedollars.biz
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.xxxtoolbar.com
O15 – Trusted Zone: *.ysbweb.com
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {11111111–1111–1111–1111–111111111157} – ms–its:mhtml:file://c: osuch.mht!http://iframedollars.biz/dl/adv481/x.chm::/load.exe
O16 – DPF: {79849612–A98F–45B8–95E9–4D13C7B6B35C} (Loader2 Control) – http://iframedollars.biz/tb/loader2.ocx
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 – HKLMSystemCCSServicesTcpip..{8835035C–A95F–4570–BE08–621F03B9F853}: NameServer = 217.30.129.149 217.30.137.200

Replies: 1

Turn off System Restore

Kill the process:
systime.exe

FIX:
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://213.159.117.134/index.php
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://213.159.117.134/index.php
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://213.159.117.134/index.php
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://213.159.117.134/index.php
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = http://213.159.117.134/index.php
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = http://213.159.117.134/index.php
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O3 – Toolbar: (no name) – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – (no file)
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.iframedollars.biz
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.xxxtoolbar.com
O15 – Trusted Zone: *.ysbweb.com
O16 – DPF: {11111111–1111–1111–1111–111111111157} – ms–its:mhtml:file://c: osuch.mht!http://iframedollars.biz/dl/adv481/x.chm::/load.exe
O16 – DPF: {79849612–A98F–45B8–95E9–4D13C7B6B35C} (Loader2 Control) – http://iframedollars.biz/tb/loader2.ocx
O4 – HKLM..Run: [SysTime] C:WINDOWSSystem32systime.exe

Did you install an XP overlay on top of 98??
If not, delete the file and the reference to it

O2 – BHO: (no name) – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWS em220.dll
O2 – BHO: (no name) – {8F4E5661–F99E–4B3E–8D85–0EA71C0748E4} – C:WINDOWSwsem302.dll

Delete them from the disk and fix the entries
Bobi
Posted:
22.12.2004 21:09:17
bystry77
Posted:
22.12.2004 21:01:57