proszę o sprawdzenie loga
Proszę o sprawdzenie log'a i podpowiedzenie jaki program antywirusowy jest dobry??
Logfile of HijackThis v1.99.1
Scan saved at 18:53:28, on 2005–03–02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programy\VMware Workstation\vmware–authd.exe
C:\WINDOWS\System32\vmnat.exe
C:\WINDOWS\System32\vmnetdhcp.exe
C:\Programy\eDonkey2000\edonkey2000.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Programy\MYIE2\MyIE.exe
C:\Documents and Settings\Kupa\Pulpit\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=374
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F2 – REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,
O4 – HKLM\..\Run: [GameXL] "C:\Programy\gejm akcelerator\Game Accelerator Standard\gamexl.exe"
O4 – HKLM\..\RunServices: [Configuration Loader] cnfgld32.exe
O4 – HKCU\..\Run: [Komunikator] C:\Programy\1Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Messenger – –{FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – –{FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – C:\Programy\IrfanView\Ebay\Ebay.htm
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104753488250
O17 – HKLM\System\CCS\Services\Tcpip\..\{7364799F–6EF6–4F38–8FF2–E8118507E79B}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: VMware Authorization Service (VMAuthdService) – Unknown owner – C:\Programy\VMware Workstation\vmware–authd.exe
O23 – Service: VMware DHCP Service (VMnetDHCP) – VMware, Inc. – C:\WINDOWS\System32\vmnetdhcp.exe
O23 – Service: VMware NAT Service – Unknown owner – C:\WINDOWS\System32\vmnat.exe
Logfile of HijackThis v1.99.1
Scan saved at 18:53:28, on 2005–03–02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programy\VMware Workstation\vmware–authd.exe
C:\WINDOWS\System32\vmnat.exe
C:\WINDOWS\System32\vmnetdhcp.exe
C:\Programy\eDonkey2000\edonkey2000.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Programy\MYIE2\MyIE.exe
C:\Documents and Settings\Kupa\Pulpit\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=374
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F2 – REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,
O4 – HKLM\..\Run: [GameXL] "C:\Programy\gejm akcelerator\Game Accelerator Standard\gamexl.exe"
O4 – HKLM\..\RunServices: [Configuration Loader] cnfgld32.exe
O4 – HKCU\..\Run: [Komunikator] C:\Programy\1Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Messenger – –{FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – –{FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – C:\Programy\IrfanView\Ebay\Ebay.htm
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104753488250
O17 – HKLM\System\CCS\Services\Tcpip\..\{7364799F–6EF6–4F38–8FF2–E8118507E79B}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: VMware Authorization Service (VMAuthdService) – Unknown owner – C:\Programy\VMware Workstation\vmware–authd.exe
O23 – Service: VMware DHCP Service (VMnetDHCP) – VMware, Inc. – C:\WINDOWS\System32\vmnetdhcp.exe
O23 – Service: VMware NAT Service – Unknown owner – C:\WINDOWS\System32\vmnat.exe
Odpowiedzi: 2
Wylaczasz przywracanie, killujesz proces cnfgld32.exe (SDBOT TROJAN) w menedzerze zadan i wywalasz go z dysku. Na koniec fixujesz ponizsze pozycje:
A co do antywirusa to ja uzywam kasperskiego.
F2 – REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,
O4 – HKLM\..\RunServices: [Configuration Loader] cnfgld32.exe
A co do antywirusa to ja uzywam kasperskiego.
chyba nie ma nic specjalnego ale poczekaj na wypowiedź kogoś bardziej doświadczonego :D
co do antywirów wpisz w szukajke antywir i znajdzie ci pełno tematów na ten temat.ja ze swojej strony polecam nod32.pozdrawiam
co do antywirów wpisz w szukajke antywir i znajdzie ci pełno tematów na ten temat.ja ze swojej strony polecam nod32.pozdrawiam
Strona 1 / 1