HijackThis: what is this all about
I'm a beginner at tinkering with the system.
The main thing is that I recently had the misfortune of having Win32:Tibick-UPX; I think I removed it, but I'm not sure.
Anyway, I'd like to ask someone who knows this stuff to look over my HijackThis log.
Please tell me what is wrong
and also what I can improve.
Logfile of HijackThis v1.97.7
Scan saved at 13:48:11, on 2004-08-23
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\strong dc++\StrongDC.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Opera75\opera.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\PYTHONEK\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kaylee.mylog.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_30.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: C:\WINDOWS\lbbho.dll - {B20F1CCA-CE16-40F7-82CF-9255840F8427} - C:\WINDOWS\lbbho.dll
O2 - BHO: (no name) - {BD51AEC6-7991-4A60-94D6-D5FEBB655D10} - C:\WINDOWS\system32\IEMsg.dll
O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [System Restore] svcnet.exe
O4 - HKCU\..\Run: [System Restore] svcnet.exe
O8 - Extra context menu item: &Define - C:\WINDOWS\Web\ERS_DEF.HTM
O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\ERS_SRC.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\WINDOWS\Web\ERS_ENC.HTM
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Badanie (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
I hope someone will be kind enough to reply.
Replies: 5
Thanks a lot, guys, everything has been removed with the uninstaller :) Cheers
http://www.adwareaway.com/newdotnet.htm
Use the Removal Tool, or follow the full removal procedure with the uninstaller available on the NewDotNet Support page.
Try deleting it either in Safe Mode or in the Recovery Console with the "del" command.
Everything worked, there's just one thing I can't get rid of: newdotnet6_30.dll. Unfortunately it's super resistant; I killed almost all the processes, to the point that the computer shut down on its own, and still no luck, it hangs on.
It's in the NewDotNet directory in Program Files.
As for System Restore, I always have it turned off.
There's also an uninstall there, but it doesn't work either, and a readme.html.
How do I get rid of it?
Fix :
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_30.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: C:\WINDOWS\lbbho.dll - {B20F1CCA-CE16-40F7-82CF-9255840F8427} - C:\WINDOWS\lbbho.dll
O2 - BHO: (no name) - {BD51AEC6-7991-4A60-94D6-D5FEBB655D10} - C:\WINDOWS\system32\IEMsg.dll
O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [System Restore] svcnet.exe
O4 - HKCU\..\Run: [System Restore] svcnet.exe
O8 - Extra context menu item: &Define - C:\WINDOWS\Web\ERS_DEF.HTM
O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\ERS_SRC.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\WINDOWS\Web\ERS_ENC.HTM
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
Turn off System Restore (Me, XP)
End this process in Task Manager:
svcnet.exe
Search, with hidden files and folders included, and delete:
svcnet.exe
ATPART~1.DLL
newdotnet6_30.dll
lbbho.dll
IEMsg.dll
ERS_DEF.HTM
ERS_SRC.HTM
ERS_ENC.HTM
ebateswebsavings_script0.htm
Turn System Restore back on.