CentrumXP Forum Tematyka portalu CentrumXP.pl Bezpieczeństwo prośba o sprawdzenie loga

prośba o sprawdzenie loga

Prosze o przeanalizowanie loga:
Logfile of HijackThis v1.97.7
Scan saved at 15:09:07, on 2004–11–04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccProxy.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:PROGRA~1NORTON~1NORTON~4GHOSTS~2.EXE
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesNorton Internet SecurityNorton AntiVirus avapsvc.exe
C:PROGRA~1NORTON~1NORTON~2NPROTECT.EXE
C:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:PROGRA~1NORTON~1NORTON~2SPEEDD~1NOPDB.EXE
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesGadu–Gadugg.exe
C:DownloadsHijackThis.exe
C:Program FilesMessengermsmsgs.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – Default URLSearchHook is missing
O1 – Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 – BHO: Web assistant – {9ECB9560–04F9–4bbc–943D–298DDF1699E1} – C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FlashGetJccatch.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FlashGetfgiebar.dll
O3 – Toolbar: Web assistant – {0B53EAC3–8D69–4b9e–9B19–A37C9A5676A7} – C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [URLLSTCK.exe] C:Program FilesNorton Internet SecurityUrlLstCk.exe
O4 – HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 – HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:Program FilesFlashGetjc_all.htm
O9 – Extra button: Badanie (HKLM)
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 – DPF: {166B1BCA–3F9C–11CF–8075–444553540000} (Shockwave ActiveX Control) – http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 – DPF: {3E68E405–C6DE–49FF–83AE–41EE9F4C36CE} (Office Update Installation Engine) – http://office.microsoft.com/officeupdate/content/opuc.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096894135688
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {9F1C11AA–197B–4942–BA54–47A8489BB47F} – http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38182.1788310185
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


Z góry dziękuję i pozdrawiam.

Odpowiedzi: 2

dzięki
bluzgmaster
Dodano
04.11.2004 16:19:17
Tylko to:
R3 – Default URLSearchHook is missing
O1 – Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
Bobi
Dodano
04.11.2004 16:16:42
bluzgmaster
Dodano:
04.11.2004 16:12:11
Komentarzy:
2
Strona 1 / 1