CentrumXP Forum Tematyka portalu CentrumXP.pl Bezpieczeństwo Prosze o sprawdzenie loga

Prosze o sprawdzenie loga

Mam podmienioną strone główną przeglądarki.System działa nien stabilnie.Skanowałem spybootem,pandą.Mimo tego,źe usunęło kilka rzeczy komp działa wadliwie.Logfile of HijackThis v1.99.0
Scan saved at 17:30:35, on 04–12–26
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:WINDOWSSYSTEMmmtask.tsk
C:WINDOWSSYSTEMMSTASK.EXE
C:PROGRAM FILESPANDA SOFTWAREPANDA TITANIUM ANTIVIRUS 2004PSIMSVC.EXE
C:WINDOWSEXPLORER.EXE
C:WINDOWSTASKMON.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
C:WINDOWSSYSTEMATITASK.EXE
C:WINDOWSSYSTEMATICWD32.EXE
C:PROGRAM FILESPANDA SOFTWAREPANDA TITANIUM ANTIVIRUS 2004APVXDWIN.EXE
C:WINDOWSSYSTEMIEDBG.EXE
C:WINDOWSDANE APLIKACJIAEEB.EXE
C:WINDOWSSYSTEMKSEIQG.EXE
C:ATIATIDESKATISCHED.EXE
C:PROGRAM FILESINTERNET EXPLORERIEXPLORE.EXE
C:WINDOWSSYSTEMPSTORES.EXE
C:WINDOWSSYSTEMWMIEXE.EXE
C:PROGRAM FILESPANDA SOFTWAREPANDA TITANIUM ANTIVIRUS 2004WEBPROXY.EXE
C:WINDOWSSYSTEMDDHELP.EXE
C:WINDOWSSYSTEMWINOA386.MOD
D:TYMCZASOWYHIHIJACKTHIS.EXE

R1 – HKCUSoftwareMicrosoftInternet Explorer,Search = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://www.nowfind.net/002/index.html
R1 – HKLMSoftwareMicrosoftInternet Explorer,Search = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.nowfind.net/002/index.html
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.nowfind.net/002/index.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.eu.microsoft.com/poland/
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.nowfind.net/002/index.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.nowfind.net/002/index.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://www.nowfind.net/002/index.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.nowfind.net/002/index.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://www.nowfind.net/002/index.html
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {1784F4C5–472B–10FB–5663–393650EEAFC5} – C:WINDOWSSYSTEMEQMG.DLL
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:PROGRA~1SPYBOT~1SDHELPER.DLL
O2 – BHO: Tubby – {9EAC0102–5E61–2312–BC2D–544243544243} – C:WINDOWSSYSTEMTBC.DLL
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSYSTEMMSDXM.OCX
O3 – Toolbar: Search Toolbar – {9EAC0102–5E61–2312–BC2D–544243544243} – C:WINDOWSSYSTEMTBC.DLL
O4 – HKLM..Run: [ScanRegistry] C:WINDOWSscanregw.exe /autorun
O4 – HKLM..Run: [TaskMonitor] C:WINDOWS askmon.exe
O4 – HKLM..Run: [SystemTray] SysTray.Exe
O4 – HKLM..Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM..Run: [Atikey] Atitask.exe
O4 – HKLM..Run: [AtiCwd32] Aticwd32.exe
O4 – HKLM..Run: [Zasobnik systemowy] SysTray.Exe
O4 – HKLM..Run: [APVXDWIN] "C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004APVXDWIN.EXE" /s
O4 – HKLM..Run: [iedbg] C:WINDOWSSYSTEMiedbg.exe
O4 – HKLM..RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM..RunServices: [SchedulingAgent] C:WINDOWSSYSTEMmstask.exe
O4 – HKLM..RunServices: [PavProc] "C:Program FilesCommon FilesPanda SoftwarePavShldPavPrS9x.exe"
O4 – HKLM..RunServices: [PSIMSVC] "C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004PSIMSVC.exe"
O4 – HKCU..Run: [Rrip] C:WINDOWSDane aplikacjiaeeb.exe
O4 – HKCU..Run: [Gvptwmoz] C:WINDOWSSYSTEMzkseiqg.exe
O4 – Startup: ATI Scheduler.lnk = C:atiatideskatisched.exe
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – D:Programydo zdjęćEbayEbay.htm
O13 – DefaultPrefix: http://nowfind.net/rand/gallery.php?url=
O13 – WWW Prefix: http://nowfind.net/rand/gallery.php?url=
O13 – Home Prefix: http://nowfind.net/rand/gallery.php?url=
O13 – Mosaic Prefix: http://nowfind.net/rand/gallery.php?url=
O14 – IERESET.INF: SEARCH_PAGE_URL=
O14 – IERESET.INF: START_PAGE_URL=
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.ysbweb.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.iframedollars.biz
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted Zone: *.searchbarcash.com (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.flingstone.com (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: *.ysbweb.com (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted Zone: *.iframedollars.biz (HKLM)
O15 – Trusted IP range: 213.159.117.202
O15 – Trusted IP range: 213.159.117.202 (HKLM)
O16 – DPF: {9EB320CE–BE1D–4304–A081–4B4665414BEF} – http://www.mt–download.com/MediaTicketsInstaller.cab?refid=2732
O21 – SSODL: DDE Module – {DABB03E9–AC0D–3740–E3E5–4B37C80837E5} – C:WINDOWSSYSTEMmtwirl.dll
O21 – SSODL: eplrr – {FA3100E0–5761–11D9–9DCF–0050BA348272} – C:WINDOWSSYSTEMeplrr3.dll
O21 – SSODL: OLE Module – {0211C4D9–BC71–8916–38AD–9DEA5D213614} – C:WINDOWSSYSTEMchup.dll

Odpowiedzi: 6

Usun to z loga i z dysku pliki:

C:WINDOWSSYSTEMIEDBG.EXE
C:WINDOWSDANE APLIKACJIAEEB.EXE
C:WINDOWSSYSTEMKSEIQG.EXE
O2 – BHO: (no name) – {1784F4C5–472B–10FB–5663–393650EEAFC5} – C:WINDOWSSYSTEMEQMG.DLL
O2 – BHO: Tubby – {9EAC0102–5E61–2312–BC2D–544243544243} – C:WINDOWSSYSTEMTBC.DLL
O3 – Toolbar: Search Toolbar – {9EAC0102–5E61–2312–BC2D–544243544243} – C:WINDOWSSYSTEMTBC.DLL
O4 – HKLM..Run: [iedbg] C:WINDOWSSYSTEMiedbg.exe
O4 – HKCU..Run: [Rrip] C:WINDOWSDane aplikacjiaeeb.exe
O4 – HKCU..Run: [Gvptwmoz] C:WINDOWSSYSTEMzkseiqg.exe
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O14 – IERESET.INF: SEARCH_PAGE_URL=
O14 – IERESET.INF: START_PAGE_URL=
O15 – Trusted IP range: 213.159.117.202
O15 – Trusted IP range: 213.159.117.202 (HKLM)
O21 – SSODL: DDE Module – {DABB03E9–AC0D–3740–E3E5–4B37C80837E5} – C:WINDOWSSYSTEMmtwirl.dll
O21 – SSODL: eplrr – {FA3100E0–5761–11D9–9DCF–0050BA348272} – C:WINDOWSSYSTEMeplrr3.dll
O21 – SSODL: OLE Module – {0211C4D9–BC71–8916–38AD–9DEA5D213614} – C:WINDOWSSYSTEMchup.dll
EL NINO
Dodano
27.12.2004 01:16:33
Fix:

O2 – BHO: Tubby – {9EAC0102–5E61–2312–BC2D–544243544243} – C:WINDOWSSYSTEMTBC.DLL
O3 – Toolbar: Search Toolbar – {9EAC0102–5E61–2312–BC2D–544243544243} – C:WINDOWSSYSTEMTBC.DLL
O14 – IERESET.INF: SEARCH_PAGE_URL=
O14 – IERESET.INF: START_PAGE_URL=


To czego nie umiesz usunac hijackiem usun w rejestrze, badz wyszukaj plik na dysku.

IMO widze tu troche podejrzanych wpisow, o ktorych nic w sieci nie slychac
gieras
Dodano
26.12.2004 21:33:25
Wywaliłem to co oznaczyłeś lecz wszystkiego hijackt(fix)nie usunął.zerkniLogfile of HijackThis v1.99.0
Scan saved at 19:12:41, on 04–12–26
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:WINDOWSSYSTEMmmtask.tsk
C:WINDOWSSYSTEMMSTASK.EXE
C:PROGRAM FILESPANDA SOFTWAREPANDA TITANIUM ANTIVIRUS 2004PSIMSVC.EXE
C:WINDOWSTASKMON.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
C:WINDOWSSYSTEMATITASK.EXE
C:WINDOWSSYSTEMATICWD32.EXE
C:PROGRAM FILESPANDA SOFTWAREPANDA TITANIUM ANTIVIRUS 2004APVXDWIN.EXE
C:WINDOWSSYSTEMIEDBG.EXE
C:WINDOWSDANE APLIKACJIAEEB.EXE
C:ATIATIDESKATISCHED.EXE
C:PROGRAM FILESINTERNET EXPLORERIEXPLORE.EXE
C:WINDOWSSYSTEMPSTORES.EXE
C:WINDOWSSYSTEMWMIEXE.EXE
C:PROGRAM FILESPANDA SOFTWAREPANDA TITANIUM ANTIVIRUS 2004WEBPROXY.EXE
C:WINDOWSSYSTEMDDHELP.EXE
C:WINDOWSSYSTEMWINOA386.MOD
C:WINDOWSSYSTEMKSEIQG.EXE
C:WINDOWSEXPLORER.EXE
C:PROGRAM FILESINTERNET EXPLORERIEXPLORE.EXE
D:TYMCZASOWYHIHIJACKTHIS.EXE

R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {1784F4C5–472B–10FB–5663–393650EEAFC5} – C:WINDOWSSYSTEMEQMG.DLL
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:PROGRA~1SPYBOT~1SDHELPER.DLL
O2 – BHO: Tubby – {9EAC0102–5E61–2312–BC2D–544243544243} – C:WINDOWSSYSTEMTBC.DLL
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSYSTEMMSDXM.OCX
O3 – Toolbar: Search Toolbar – {9EAC0102–5E61–2312–BC2D–544243544243} – C:WINDOWSSYSTEMTBC.DLL
O4 – HKLM..Run: [ScanRegistry] C:WINDOWSscanregw.exe /autorun
O4 – HKLM..Run: [TaskMonitor] C:WINDOWS askmon.exe
O4 – HKLM..Run: [SystemTray] SysTray.Exe
O4 – HKLM..Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM..Run: [Atikey] Atitask.exe
O4 – HKLM..Run: [AtiCwd32] Aticwd32.exe
O4 – HKLM..Run: [Zasobnik systemowy] SysTray.Exe
O4 – HKLM..Run: [APVXDWIN] "C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004APVXDWIN.EXE" /s
O4 – HKLM..Run: [iedbg] C:WINDOWSSYSTEMiedbg.exe
O4 – HKLM..Run: [MKS_MENU] C:Program FilesMKSBinmks_menu.exe
O4 – HKLM..Run: [MKS_MON] C:Program FilesMKSBinmks_mon.exe
O4 – HKLM..RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM..RunServices: [SchedulingAgent] C:WINDOWSSYSTEMmstask.exe
O4 – HKLM..RunServices: [PavProc] "C:Program FilesCommon FilesPanda SoftwarePavShldPavPrS9x.exe"
O4 – HKLM..RunServices: [PSIMSVC] "C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004PSIMSVC.exe"
O4 – HKCU..Run: [Rrip] C:WINDOWSDane aplikacjiaeeb.exe
O4 – HKCU..Run: [Gvptwmoz] C:WINDOWSSYSTEMzkseiqg.exe
O4 – Startup: ATI Scheduler.lnk = C:atiatideskatisched.exe
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – D:Programydo zdjęćEbayEbay.htm
O14 – IERESET.INF: SEARCH_PAGE_URL=
O14 – IERESET.INF: START_PAGE_URL=
O15 – Trusted IP range: 213.159.117.202
O15 – Trusted IP range: 213.159.117.202 (HKLM)
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O21 – SSODL: DDE Module – {DABB03E9–AC0D–3740–E3E5–4B37C80837E5} – C:WINDOWSSYSTEMmtwirl.dll
O21 – SSODL: eplrr – {FA3100E0–5761–11D9–9DCF–0050BA348272} – C:WINDOWSSYSTEMeplrr3.dll
O21 – SSODL: OLE Module – {0211C4D9–BC71–8916–38AD–9DEA5D213614} – C:WINDOWSSYSTEMchup.dll

j jeszcze na ten log.Jak to usunąć?
grzesiek–78
Dodano
26.12.2004 20:17:26
grzesiek–78:
Czy wszystko fix?
na moje oko wszystko
gieras
Dodano
26.12.2004 20:15:29
Czy wszystko fix?
grzesiek–78
Dodano
26.12.2004 19:09:56


R1 – HKCUSoftwareMicrosoftInternet Explorer,Search = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://www.nowfind.net/002/index.html
R1 – HKLMSoftwareMicrosoftInternet Explorer,Search = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.nowfind.net/002/index.html
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.nowfind.net/002/index.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.eu.microsoft.com/poland/
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.nowfind.net/002/index.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.nowfind.net/002/index.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://www.nowfind.net/002/index.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.nowfind.net/002/index.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://www.nowfind.net/002/index.html

O13 – DefaultPrefix: http://nowfind.net/rand/gallery.php?url=
O13 – WWW Prefix: http://nowfind.net/rand/gallery.php?url=
O13 – Home Prefix: http://nowfind.net/rand/gallery.php?url=
O13 – Mosaic Prefix: http://nowfind.net/rand/gallery.php?url=
O14 – IERESET.INF: SEARCH_PAGE_URL=
O14 – IERESET.INF: START_PAGE_URL=
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.ysbweb.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.iframedollars.biz
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted Zone: *.searchbarcash.com (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.flingstone.com (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: *.ysbweb.com (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted Zone: *.iframedollars.biz (HKLM)
O15 – Trusted IP range: 213.159.117.202
O15 – Trusted IP range: 213.159.117.202 (HKLM)
O16 – DPF: {9EB320CE–BE1D–4304–A081–4B4665414BEF} – http://www.mt–download.com/MediaTicketsInstaller.cab?refid=2732
gieras
Dodano
26.12.2004 19:04:59
grzesiek–78
Dodano:
26.12.2004 18:37:55
Komentarzy:
6
Strona 1 / 1