CentrumXP Forum Tematyka portalu CentrumXP.pl Bezpieczeństwo Proszę o sprawdzenie loga.

Proszę o sprawdzenie loga.

Trzeba wyłaczyć przywracanie systemu, usunąć w trybie awaryjnym zainfekowane wpisy.

I co dalej? Ten poprawiony log z Hijacka pod jaką nazwą zapisujemy i gdzie go kopiujemy.

Logfile of HijackThis v1.99.1
Scan saved at 17:29:55, on 2006-09-18
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\msconfigsu.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Morpheus\Morpheus.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
c:\drsmartload.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\TomekM\Pulpit\hijackthis.com
c:\nwnmff_e7.exe
c:\dfndrff_e7.exe
c:\dfndrff_e7.exe
c:\kybrdff_e7.exe
c:\kybrdff_e7.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll (file missing)
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll (file missing)
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx (file missing)
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ms configsu] msconfigsu.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e7.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e7.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e7.exe
O4 - HKLM\..\RunServices: [Ms configsu] msconfigsu.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ms configsu] msconfigsu.exe
O4 - HKCU\..\RunServices: [Ms configsu] msconfigsu.exe
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D47B36D-EE5C-4E29-849F-C7CB5F99EE57}: NameServer = 194.106.192.2,217.79.144.26
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D47B36D-EE5C-4E29-849F-C7CB5F99EE57}: NameServer = 194.106.192.2,217.79.144.26
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D47B36D-EE5C-4E29-849F-C7CB5F99EE57}: NameServer = 194.106.192.2,217.79.144.26
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Odpowiedzi: 1

To jest log wykonany po usunieciu "gosci" ?

Przywracanie mozna wylaczyc, jesli nie wiesz kiedy sie zaraziles. Jesli wiesz, usuwasz tylko punkty przywracania wykonane po tej dacie.
Wpisow nie usuwa sie w trybie awaryjnym. W trybie awaryjnym ewentualnie usuwa sie pliki.
O co chodzi z logiem ?

EL NINO

Dodano: 19.09.2006 20:39:55

gamera76

Dodano:: 18.09.2006 20:01:48
Komentarzy:: 1

Strona 1 / 1