CentrumXP Forum Tematyka portalu CentrumXP.pl Bezpieczeństwo IE strona startowa i serach page

IE strona startowa i serach page

Czytałem o tym w przyklejonym wątku. Chodzi mi oczywiście os strone która włacza sie przy uruchomieniu IE. Sprawdziłem kompa Pandą.Ona cos znalazła i usuneła ale dzis znów jest to samo. Sprawdzałem Ad–awarem i to samo . Kilka rzeczy znalazł ale dzis one są znowu.

To mój LOG:

Logfile of HijackThis v1.97.7
Scan saved at 09:38:40, on 2004–12–30
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004APVXDWIN.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesNorton SystemWorksNorton AntiVirus avapsvc.exe
C:Program FilesNorton SystemWorksNorton UtilitiesNPROTECT.EXE
C:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004pavsrv51.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004PsImSvc.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004AVENGINE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesGadu–Gadugg.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004WebProxy.exe
C:DownloadsHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://win–eto.com/sp.htm?id=9
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://win–eto.com/sp.htm?id=9
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://win–eto.com/sp.htm?id=9
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://win–eto.com/hp.htm?id=9
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://win–eto.com/sp.htm?id=9
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://win–eto.com/hp.htm?id=9
O2 – BHO: (no name) – {467FAEB2–5F5B–4c81–BAE0–2A4752CA7F4E} – C:WINDOWSSystem32LCDPWV~1.DLL
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – D:PROGRAMYFlashGetfgiebar.dll
O4 – HKLM..Run: [APVXDWIN] "C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004APVXDWIN.EXE" /s
O4 – HKLM..Run: [WinampAgent] "C:Program FilesWinampWinampa.exe"
O8 – Extra context menu item: Download All by FlashGet – D:PROGRAMYFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – D:PROGRAMYFlashGetjc_link.htm
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O10 – Unknown file in Winsock LSP: c:program filespanda softwarepanda titanium antivirus 2004pavlsp.dll
O10 – Unknown file in Winsock LSP: c:program filespanda softwarepanda titanium antivirus 2004pavlsp.dll
O10 – Unknown file in Winsock LSP: c:program filespanda softwarepanda titanium antivirus 2004pavlsp.dll
O15 – Trusted Zone: *.greg–search.com
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {11111111–1111–1111–1111–111111111157} – ms–its:mhtml:file://c: osuch.mht!http://iframedollars.biz/dl/adv481/x.chm::/load.exe
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 – HKLMSystemCCSServicesTcpip..{8835035C–A95F–4570–BE08–621F03B9F853}: NameServer = 217.30.129.149 217.30.137.200

Odpowiedzi: 3

Wylaczyc przywracanie, sciagnij program CWShredder i przeskanuj nim system. Nastepnie wyrejestruj tego dlla fedc.dll (skladnia: regsvr32 /u C:WINDOWSSystem32fedc.dll) i usun go z dysku. A na koniec fix nizej wymienionych pozycji

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1ystryUSTAWI~1Tempsp.dll/sp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1ystryUSTAWI~1Tempsp.dll/sp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
O2 – BHO: (no name) – {D5865AB1–2B75–4B2E–AD5A–0957C5CBB517} – C:WINDOWSSystem32fedc.dll
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O15 – Trusted Zone: http://*.www.wp.pl
wins
Dodano
05.01.2005 19:07:09
zrobiłem tak
1.Wyłączyłem przywracanie
2.Zrobiłem Fix'a tego co tam napisałes
3.wŁaczyłem przywracanie

NIO i za chwile włączam Hij.. jeszcze raz skanuje ponownie i teraz

Logfile of HijackThis v1.97.7
Scan saved at 15:54:41, on 2005–01–05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004APVXDWIN.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesNorton SystemWorksNorton AntiVirus avapsvc.exe
C:Program FilesNorton SystemWorksNorton UtilitiesNPROTECT.EXE
C:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004pavsrv51.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004PsImSvc.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004AVENGINE.EXE
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004WebProxy.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesGadu–Gadugg.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
D:PROGRAMYHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1ystryUSTAWI~1Tempsp.dll/sp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1ystryUSTAWI~1Tempsp.dll/sp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
O2 – BHO: (no name) – {D5865AB1–2B75–4B2E–AD5A–0957C5CBB517} – C:WINDOWSSystem32fedc.dll
O4 – HKLM..Run: [APVXDWIN] "C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004APVXDWIN.EXE" /s
O4 – HKLM..Run: [WinampAgent] "C:Program FilesWinampWinampa.exe"
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 – Extra context menu item: Download All by FlashGet – D:PROGRAMYFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – D:PROGRAMYFlashGetjc_link.htm
O10 – Unknown file in Winsock LSP: c:program filespanda softwarepanda titanium antivirus 2004pavlsp.dll
O10 – Unknown file in Winsock LSP: c:program filespanda softwarepanda titanium antivirus 2004pavlsp.dll
O10 – Unknown file in Winsock LSP: c:program filespanda softwarepanda titanium antivirus 2004pavlsp.dll
O15 – Trusted Zone: http://*.www.wp.pl
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 – HKLMSystemCCSServicesTcpip..{8835035C–A95F–4570–BE08–621F03B9F853}: NameServer = 217.30.129.149 217.30.137.200
bystry77
Dodano
05.01.2005 16:56:49
Wylaczasz przywracanie i dopiero fixujesz wpisy

R1 – HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://win–eto.com/sp.htm?id=9
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://win–eto.com/sp.htm?id=9
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://win–eto.com/sp.htm?id=9
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://win–eto.com/hp.htm?id=9
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://win–eto.com/sp.htm?id=9
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://win–eto.com/hp.htm?id=9
O2 – BHO: (no name) – {467FAEB2–5F5B–4c81–BAE0–2A4752CA7F4E} – C:WINDOWSSystem32LCDPWV~1.DLL
O15 – Trusted Zone: *.greg–search.com
O16 – DPF: {11111111–1111–1111–1111–111111111157} – ms–its:mhtml:file://c: osuch.mht!http://iframedollars.biz/dl/adv481/x.chm::/load.exe
wins
Dodano
30.12.2004 16:16:50
bystry77
Dodano:
30.12.2004 10:34:14
Komentarzy:
3
Strona 1 / 1