HijackThis: what should I remove? (cont.)

I need your help, what should I remove? The computer is a bit sluggish :(

Logfile of HijackThis v1.98.2
Scan saved at 16:00:06, on 2004–08–14
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32Ati2evxx.exe
C:Program FilesNavNTdefwatch.exe
C:Program FilesNavNT tvscan.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32usrbridg.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32atiptaxx.exe
C:Program FilesDellAccessDirectdadapp.exe
C:Program FilesHewlett–PackardHP Share–to–Webhpgs2wnd.exe
C:WINDOWSSystem32pctspk.exe
C:Program FilesHewlett–PackardHP Share–to–Webhpgs2wnf.exe
C:Program FilesHewlett–PackardDigital ImagingUnloadhpqcmon.exe
C:PROGRA~1A4TechMouseAmoumain.exe
C:Program FilesNavNTvptray.exe
C:WINDOWSSystem32 undll32.exe
C:WINDOWSNCLAUNCH.EXe
C:Program FilesMicrosoft Office97OfficeOSA.EXE
C:Program FilesDellAccessDirectDadTray.exe
C:Documents and Settingssbanasiak.PZUMoje dokumentyHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.euro.dell.com/
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.cen.pzu.pl/
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.euro.dell.com/
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.euro.dell.com/
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = nov
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = http://www.onet.pl/
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 10.0.19.30:80
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *pzu.pl; 10*;
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: TwaintecObj Class – {000020DD–C72E–4113–AF77–DD56626C6C42} – C:WINDOWS waintec.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 – BHO: (no name) – {56CD20F0–7C09–11D5–A768–0050042307CE} – (no file)
O2 – BHO: QuickSearch Search Bar – {82315A18–6CFB–44a7–BDFD–90E36537C252} – C:Program FilesQuickSearchQuickSearchBar1_27.dll
O2 – BHO: (no name) – {83DE62E0–5805–11D8–9B25–00E04C60FAF2} – (no file)
O2 – BHO: (no name) – {9C691A33–7DDA–4C2F–BE4C–C176083F35CF} – (no file)
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:program filesgooglegoogletoolbar1.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: QuickSearch Search Bar – {82315A18–6CFB–44a7–BDFD–90E36537C252} – C:Program FilesQuickSearchQuickSearchBar1_27.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:program filesgooglegoogletoolbar1.dll
O4 – HKLM..Run: [SynTPLpr] C:Program FilesSynapticsSynTPSynTPLpr.exe
O4 – HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 – HKLM..Run: [ATIModeChange] Ati2mdxx.exe
O4 – HKLM..Run: [AtiPTA] atiptaxx.exe
O4 – HKLM..Run: [DadApp] C:Program FilesDellAccessDirectdadapp.exe
O4 – HKLM..Run: [Share–to–Web Namespace Daemon] C:Program FilesHewlett–PackardHP Share–to–Webhpgs2wnd.exe
O4 – HKLM..Run: [PCTVOICE] pctspk.exe
O4 – HKLM..Run: [CamMonitor] C:Program FilesHewlett–PackardDigital Imaging\Unloadhpqcmon.exe
O4 – HKLM..Run: [WheelMouse] C:PROGRA~1A4TechMouseAmoumain.exe
O4 – HKLM..Run: [WinGuard Pro] C:WINDOWSSystem32lockctrl.exe C:WINDOWSSystem32wgp.exe
O4 – HKLM..Run: [vptray] C:Program FilesNavNTvptray.exe
O4 – HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"
O4 – HKLM..Run: [New.net Startup] rundll32 C:PROGRA~1NEWDOT~1NEWDOT~2.DLL,NewDotNetStartup –s
O4 – HKCU..Run: [NCLaunch] C:WINDOWSNCLAUNCH.EXe
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 – Global Startup: Uruchamianie pakietu Office.lnk = C:Program FilesMicrosoft Office97OfficeOSA.EXE
O8 – Extra context menu item: &Google Search – res://c:program filesgoogleGoogleToolbar2.dll/cmsearch.html
O8 – Extra context menu item: Backward &Links – res://c:program filesgoogleGoogleToolbar2.dll/cmbacklinks.html
O8 – Extra context menu item: Cac&hed Snapshot of Page – res://c:program filesgoogleGoogleToolbar2.dll/cmcache.html
O8 – Extra context menu item: Pobierz uźywając Download &Express'a – C:Documents and Settingssbanasiak.PZUMoje dokumentydodatkiAdd_Url.htm
O8 – Extra context menu item: Si&milar Pages – res://c:program filesgoogleGoogleToolbar2.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://c:program filesgoogleGoogleToolbar2.dll/cmtrans.html
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O12 – Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O17 – HKLMSystemCCSServicesTcpipParameters: Domain = pzu.pl
O17 – HKLMSoftware..Telephony: DomainName = pzu.pl

Replies: 4

Fix :

O16 – DPF: {E2F2B9D0–96B9–4B25–B90C–636ECB207D18} – http://www.whenusearch.com/WUInstSECS.cab
O4 – HKCU..Run: [Microsoft Update Emulator] kernel–mon.exe
O4 – HKLM..Run: [Microsoft Update Emulator] kernel–mon.exe


Turn off System Restore,
End the kernel–mon.exe process in Task Manager (if it is there),
Search (tick hidden...) for
C:WINDOWSSystem32kernel–mon.exe and delete it.

If you can't manage it, use:
(Turn off System Restore first.)

http://securityresponse.symantec.com/avcenter/FxGaobot.exe

Good luck.
McScr@by
Posted
17.08.2004 22:20:09
And here is my log. What should I do with it?

Logfile of HijackThis v1.98.2
Scan saved at 18:33:13, on 2004–08–17
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:WINDOWSSystem32 vsvc32.exe
C:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004Pavsrv51.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004AVENGINE.EXE
C:WINDOWSExplorer.EXE
C:WINDOWSautoclk.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004APVXDWIN.EXE
C:PROGRA~1WanadooTaskbarIcon.exe
C:Program FilesiTunesiTunesHelper.exe
C:WINDOWSSystem32kernel–mon.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesGadu–Gadugg.exe
C:Program FilesSAGEMSAGEM F@st 800–840dslmon.exe
C:Program FilesiPodiniPodService.exe
C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004WebProxy.exe
C:Program FilesWanadooEspaceWanadoo.exe
C:Program FilesWanadooComComp.exe
C:Program FilesWanadooWatch.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesWinRARWinRAR.exe
C:DOCUME~1DanielUSTAWI~1TempRar$EX00.813HijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [autoclk] autoclk.exe
O4 – HKLM..Run: [APVXDWIN] "C:Program FilesPanda SoftwarePanda Titanium Antivirus 2004APVXDWIN.EXE" /s
O4 – HKLM..Run: [NeroCheck] C:WINDOWSSystem32\NeroCheck.exe
O4 – HKLM..Run: [Wootaskbaricon] C:PROGRA~1WanadooTaskbarIcon.exe
O4 – HKLM..Run: [Woowatch] C:PROGRA~1WanadooWatch.exe
O4 – HKLM..Run: [ITunesHelper] C:Program FilesiTunesiTunesHelper.exe
O4 – HKLM..Run: [Microsoft Update Emulator] kernel–mon.exe
O4 – HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" –atboottime
O4 – HKLM..RunServices: [Microsoft Update Emulator] kernel–mon.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [Microsoft Update Emulator] kernel–mon.exe
O4 – Global Startup: dslmon.lnk = C:Program FilesSAGEMSAGEM F@st 800–840dslmon.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O16 – DPF: {74D05D43–3236–11D4–BDCD–00C04F9A3B61} (HouseCall Control) – http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 – DPF: {E2F2B9D0–96B9–4B25–B90C–636ECB207D18} – http://www.whenusearch.com/WUInstSECS.cab
O17 – HKLMSystemCCSServicesTcpip..{71557B37–2E00–45C8–A403–DF81399E5B36}: NameServer = 194.204.152.34 217.98.63.164
Anonymous
Posted
17.08.2004 20:34:52
Turn off System Restore (Me/XP).

Hijack This Fix :


O2 – BHO: TwaintecObj Class – {000020DD–C72E–4113–AF77–DD56626C6C42} – C:WINDOWS waintec.dll
O2 – BHO: (no name) – {56CD20F0–7C09–11D5–A768–0050042307CE} – (no file)
O2 – BHO: QuickSearch Search Bar – {82315A18–6CFB–44a7–BDFD–90E36537C252} – C:Program FilesQuickSearchQuickSearchBar1_27.dll
O2 – BHO: (no name) – {83DE62E0–5805–11D8–9B25–00E04C60FAF2} – (no file)
O2 – BHO: (no name) – {9C691A33–7DDA–4C2F–BE4C–C176083F35CF} – (no file)
O3 – Toolbar: QuickSearch Search Bar – {82315A18–6CFB–44a7–BDFD–90E36537C252} – C:Program FilesQuickSearchQuickSearchBar1_27.dll
O4 – HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"


I did not list fixes for New.net Startup (except for QuickSearchBar1_27.dll), since you managed on your own.

Search for (with hidden folders ticked) and delete:

twaintec.dll (removal procedure here)
QuickSearchBar1_27.dll,
WebRebates0.exe (removal procedure here)

Turn System Restore back on.

Apart from that, the log is OK.
McScr@by
Posted
15.08.2004 12:16:53
ok, I think I managed
I found a program to uninstall this cr....
www.new.net/support/uninstall6_34.exe
sbanasiak
Posted
14.08.2004 21:02:28
sbanasiak
Posted:
14.08.2004 19:11:54