CentrumXP Forum Tematyka portalu CentrumXP.pl Bezpieczeństwo Prosze sprwadzić LOG'a

Prosze sprwadzić LOG'a

Logfile of HijackThis v1.97.7
Scan saved at 13:47:16, on 2005–01–27
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004APVXDWIN.EXE
C:Program FilesNorton SystemWorksNorton AntiVirus avapsvc.exe
C:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004pavsrv51.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004PsImSvc.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004AVENGINE.EXE
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004WebProxy.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004AvltMain.exe
C:Program FilesGadu–Gadugg.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
D:PROGRAMYHJTHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1ystryUSTAWI~1Tempsp.dll/sp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1ystryUSTAWI~1Tempsp.dll/sp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
O2 – BHO: (no name) – {641E868D–C35D–4BF9–8E0B–D307CD531254} – C:WINDOWSSystem32fedc.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – D:PROGRAMYFlashGetfgiebar.dll
O4 – HKLM..Run: [APVXDWIN] "C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004APVXDWIN.EXE" /s
O8 – Extra context menu item: Download All by FlashGet – D:PROGRAMYFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – D:PROGRAMYFlashGetjc_link.htm
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O15 – Trusted Zone: http://*.www.wp.pl
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O17 – HKLMSystemCCSServicesTcpip..{8835035C–A95F–4570–

Odpowiedzi: 6

FIX:
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1ystryUSTAWI~1Tempsp.dll/sp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1ystryUSTAWI~1Tempsp.dll/sp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
O2 – BHO: (no name) – {641E868D–C35D–4BF9–8E0B–D307CD531254} – C:WINDOWSSystem32fedc.dll
O15 – Trusted Zone: http://*.www.wp.pl


Wyrejestruj i usun: C:WINDOWSSystem32fedc.dll
Bobi
Dodano
27.01.2005 17:43:47
Wyłącz przywracanie systemu i wywal go w trybie awaryjnym.
MarcinX
Dodano
27.01.2005 15:30:56
Logfile of HijackThis v1.97.7
Scan saved at 14:20:58, on 2005–01–27
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004APVXDWIN.EXE
C:Program FilesNorton SystemWorksNorton AntiVirus avapsvc.exe
C:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004pavsrv51.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004PsImSvc.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004AVENGINE.EXE
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004WebProxy.exe
C:Program FilesGadu–Gadugg.exe
C:Program FilesWinampwinamp.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesThe Cleanercleaner.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
D:PROGRAMYHJTHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1ystryUSTAWI~1Tempsp.dll/sp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1ystryUSTAWI~1Tempsp.dll/sp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
O2 – BHO: (no name) – {641E868D–C35D–4BF9–8E0B–D307CD531254} – C:WINDOWSSystem32fedc.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – D:PROGRAMYFlashGetfgiebar.dll
O4 – HKLM..Run: [APVXDWIN] "C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004APVXDWIN.EXE" /s
O8 – Extra context menu item: Download All by FlashGet – D:PROGRAMYFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – D:PROGRAMYFlashGetjc_link.htm
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O15 – Trusted Zone: http://*.www.wp.pl
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 – HKLMSystemCCSServicesTcpip..{8835035C–A95F–4570–BE08–621F03B9F853}: NameServer = 217.30.129.149 217.30.137.200

a teraz :)

a poza tym jak chcem zfikosować to: O2 – BHO: (no name) – {641E868D–C35D–4BF9–8E0B–D307CD531254} – C:WINDOWSSystem32fedc.dll
noi to mi poisze ze nie mozna usunac tego z mojego systemu..
bystry77
Dodano
27.01.2005 15:14:12
To tylko jeden antywir Panda,proces Symanteca to z NIS.



R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1ystryUSTAWI~1Tempsp.dll/sp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1ystryUSTAWI~1Tempsp.dll/sp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
O2 – BHO: (no name) – {641E868D–C35D–4BF9–8E0B–D307CD531254} – C:WINDOWSSystem32fedc.dll
O15 – Trusted Zone: http://*.www.wp.pl
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab


Moźesz wywalić.

Ale log chyba nie jest pełny.
MarcinX
Dodano
27.01.2005 15:09:37
wlanie o to chodzi ze nnie uzywam mam tylko Pande.A poza tym nio to mam problemy ze strona startowa .Mam Ad–awara i on cos znajduje ale jak to usune to to i tak pozostaje..
bystry77
Dodano
27.01.2005 15:06:14
A co sie dzieje?

Czemu uzywaz dwoch antywirusów?
brtx
Dodano
27.01.2005 14:46:42
bystry77
Dodano:
27.01.2005 14:40:59
Komentarzy:
6
Strona 1 / 1