Another spyware, help!!! Here is the log from HijackThis. What should I do?
Logfile of HijackThis v1.97.7
Scan saved at 22:36:32, on 2004-10-11
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\RivaTuner\RivaTuner.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Freddy\USTAWI~1\Temp\_tc\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
O2 - BHO: (no name) - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll (file missing)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner\RivaTuner.exe" /T
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?
O13 - WWW Prefix: http://%65%68%74%74%70%2E%63%63/?
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Replies: 1
Fix:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
O2 - BHO: (no name) - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll (file missing)
O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?
O13 - WWW Prefix: http://%65%68%74%74%70%2E%63%63/?
The same site for the second time :shock: