dropper
I have a dropper... I downloaded Hijack BUT I DON'T KNOW WHAT TO DO NEXT
Replies: 4
Turn off System Restore, use the three-finger salute (Ctrl+Alt+Del) to get into Task Manager and kill the processes below (the exe files), then get rid of them from the disk. As for the dll files, you will probably have to unregister them first. It is done like this:
Start button > Run and type regsvr32 /u C:\WINDOWS\System32\fmnbcka.dll (that is just one file). Do exactly the same for the remaining DLLs.
C:Documents and SettingsOla.MEN–PG4F4O4CBIADane aplikacjiobcc.exe
C:WINDOWSsystem32??plorer.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:NavigationFailure
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:NavigationFailure
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:NavigationFailure
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:NavigationFailure
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:NavigationFailure
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:NavigationFailure
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigURL = http://MEN01:80/array.dll?Get.Routing.Script
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http://MEN01:80
O2 – BHO: (no name) – {4A1D5AA5–76BA–4A85–AAFD–1F8423B351D9} – C:WINDOWSSystem32fmnbcka.dll
O2 – BHO: (no name) – {6C8EB4A5–D8D4–4D21–9293–6EDA33641C58} – C:WINDOWSSystem32fmnbcka.dll
O2 – BHO: (no name) – {7199B05A–74CF–243C–CF1E–25A76C4C92B1} – C:WINDOWSSystem32gaxf.dll
O2 – BHO: (no name) – {9FA98925–B196–4B60–A6D4–37AFEC9D87A6} – C:WINDOWSSystem32fmnbcka.dll
O4 – HKCU..Run: [sr64] C:Documents and SettingsOla.MEN–PG4F4O4CBIADane aplikacjiMicrosoftsr64aahojpla.exe
O4 – HKCU..Run: [Actw] C:Documents and SettingsOla.MEN–PG4F4O4CBIADane aplikacjiobcc.exe
O4 – HKCU..Run: [Bxzm] C:WINDOWSSystem32??plorer.exe
O15 – Trusted Zone: *.iframedollars.biz
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.ysbweb.com
O15 – Trusted Zone: *.iframedollars.biz (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted Zone: *.ysbweb.com (HKLM)
O15 – Trusted IP range: 67.19.185.246
O15 – Trusted IP range: 67.19.185.246 (HKLM)
O18 – Filter: text/html – {240E227F–CFB4–4EB7–81A5–CECE05AEE074} – C:WINDOWSSystem32fmnbcka.dll
O18 – Filter: text/plain – {240E227F–CFB4–4EB7–81A5–CECE05AEE074} – C:WINDOWSSystem32fmnbcka.dll
O21 – SSODL: Web Event Logger – {7EFBAEFF–EE02–1333–ABDF–416572E5D639} – C:WINDOWSSystem32Ncldbaha.dll
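Several entries in the list above point at the same DLL, so the unregister step runs once per file rather than once per entry. The following is an added example, not part of the original thread, that derives the per-file `regsvr32 /u` commands from HijackThis lines; the sample lines are copied from the log with the stripped path backslashes restored (an assumption), and the function names are hypothetical.

```python
import re

# Constructed sample: entries taken from the log on this page, with the
# backslashes that the forum software stripped restored (an assumption).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4A1D5AA5-76BA-4A85-AAFD-1F8423B351D9} - C:\WINDOWS\System32\fmnbcka.dll
O2 - BHO: (no name) - {7199B05A-74CF-243C-CF1E-25A76C4C92B1} - C:\WINDOWS\System32\gaxf.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O18 - Filter: text/html - {240E227F-CFB4-4EB7-81A5-CECE05AEE074} - C:\WINDOWS\System32\fmnbcka.dll
O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - C:\WINDOWS\System32\Ncldbaha.dll
"""

# HijackThis sections whose entries load a COM DLL: BHO, protocol filter, SSODL.
COM_SECTIONS = {"O2", "O18", "O21"}

# Accept both "-" and the typographic en dash that forum software substitutes.
ENTRY = re.compile(
    r"^(?P<section>O\d+)\s+[-\u2013]\s+.*?"
    r"(?P<clsid>\{[0-9A-Fa-f\-\u2013]{36}\})\s+[-\u2013]\s+(?P<path>.+\.dll)\s*$",
    re.IGNORECASE,
)

def dlls_to_unregister(log_text):
    """Map each DLL path to the (section, CLSID) entries that reference it."""
    found = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group("section").upper() not in COM_SECTIONS:
            continue  # Run keys, trusted zones etc. are not COM registrations
        clsid = m.group("clsid").replace("\u2013", "-").upper()
        found.setdefault(m.group("path"), []).append(
            (m.group("section").upper(), clsid))
    return found

def unregister_commands(log_text):
    """One regsvr32 /u line per distinct DLL, in first-seen order."""
    return ['regsvr32 /u "%s"' % path for path in dlls_to_unregister(log_text)]

if __name__ == "__main__":
    for path, refs in dlls_to_unregister(SAMPLE_LOG).items():
        print(path, "<-", ", ".join("%s %s" % r for r in refs))
    print("\n".join(unregister_commands(SAMPLE_LOG)))
```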
hello... can anything be done about this?
Logfile of HijackThis v1.99.0
Scan saved at 14:05:13, on 2004–12–30
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesNetropaMultimedia Keyboard hksrv.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:WINDOWSExplorer.EXE
C:Program FilesNetropaMultimedia KeyboardMMKeybd.exe
C:PROGRA~1A4TechMouseAmoumain.exe
C:Program FilesABBYY FineReader 5.0CAgent.exe
C:Program FilesNetropaMultimedia KeyboardTrayMon.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesNetropaOnscreen DisplayOSD.exe
C:Program FilesMessengermsmsgs.exe
C:Documents and SettingsOla.MEN–PG4F4O4CBIADane aplikacjiobcc.exe
C:WINDOWSsystem32??plorer.exe
C:Program FilesGadu–Gadugg.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesTlen.plTlen.exe
C:Program FileshijackthisHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:NavigationFailure
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:NavigationFailure
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:NavigationFailure
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:NavigationFailure
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:NavigationFailure
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:NavigationFailure
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigURL = http://MEN01:80/array.dll?Get.Routing.Script
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http://MEN01:80
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 – BHO: (no name) – {4A1D5AA5–76BA–4A85–AAFD–1F8423B351D9} – C:WINDOWSSystem32fmnbcka.dll
O2 – BHO: (no name) – {6C8EB4A5–D8D4–4D21–9293–6EDA33641C58} – C:WINDOWSSystem32fmnbcka.dll
O2 – BHO: (no name) – {7199B05A–74CF–243C–CF1E–25A76C4C92B1} – C:WINDOWSSystem32gaxf.dll
O2 – BHO: (no name) – {9FA98925–B196–4B60–A6D4–37AFEC9D87A6} – C:WINDOWSSystem32fmnbcka.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O4 – HKLM..Run: [NeroCheck] C:WINDOWSSystem32NeroCheck.exe
O4 – HKLM..Run: [MULTIMEDIA KEYBOARD] C:Program FilesNetropaMultimedia KeyboardMMKeybd.exe
O4 – HKLM..Run: [WheelMouse] C:PROGRA~1A4TechMouseAmoumain.exe
O4 – HKLM..Run: [ABBYY Community Agent] C:Program FilesABBYY FineReader 5.0CAgent.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [sr64] C:Documents and SettingsOla.MEN–PG4F4O4CBIADane aplikacjiMicrosoftsr64aahojpla.exe
O4 – HKCU..Run: [Actw] C:Documents and SettingsOla.MEN–PG4F4O4CBIADane aplikacjiobcc.exe
O4 – HKCU..Run: [Bxzm] C:WINDOWSSystem32??plorer.exe
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O12 – Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O15 – Trusted Zone: *.iframedollars.biz
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.ysbweb.com
O15 – Trusted Zone: *.iframedollars.biz (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted Zone: *.ysbweb.com (HKLM)
O15 – Trusted IP range: 67.19.185.246
O15 – Trusted IP range: 67.19.185.246 (HKLM)
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101978529015
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O18 – Filter: text/html – {240E227F–CFB4–4EB7–81A5–CECE05AEE074} – C:WINDOWSSystem32fmnbcka.dll
O18 – Filter: text/plain – {240E227F–CFB4–4EB7–81A5–CECE05AEE074} – C:WINDOWSSystem32fmnbcka.dll
O21 – SSODL: Web Event Logger – {7EFBAEFF–EE02–1333–ABDF–416572E5D639} – C:WINDOWSSystem32Ncldbaha.dll
O23 – Service: Symantec Password Validation – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 – Service: Symantec Settings Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 – Service: Netropa NHK Server – Unknown – C:Program FilesNetropaMultimedia Keyboard hksrv.exe
O23 – Service: Symantec SPBBCSvc – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
show us the log from Hijack