internet explorer :(
I have a little problem like this. Do you know how to get rid of it?
Replies: 5
So
Turn off System Restore
End the processes:
istsvc.exe
WinCtlAdAlt.exe
bargains.exe
WinCtlAd.exe
Delete from the disk the files (the ones in system32) / whole directories from Program Files or Windows, and empty Temp
FIX:
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://C:DOCUME~1\_halUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = file://C:DOCUME~1\_halUSTAWI~1Tempsp.html
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://C:DOCUME~1\_halUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = file://C:DOCUME~1\_halUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://C:DOCUME~1\_halUSTAWI~1Tempsp.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://C:DOCUME~1\_halUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = http://www.google.pl/
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
O2 – BHO: Search Relevancy – {1D7E3B41–23CE–469B–BE1B–A64B877923E1} – C:PROGRA~1SEARCH~1SEARCH~1.DLL (file missing)
O2 – BHO: (no name) – {52DC9EC1–35A9–4914–98D9–D568A9854DA2} – C:WINDOWSSystem32yesabi.dll
O2 – BHO: HBO Class – {5321E378–FFAD–4999–8C62–03CA8155F0B3} – C:WINDOWSinet100551.02.05.dll
O2 – BHO: (no name) – {DD3468B4–D0ED–D5FC–B2E9–F6830EA3886B} – C:WINDOWSSystem32 ixigaf.dll
O2 – BHO: (no name) – {E4C14BDE–E448–4727–867F–CCFCA70B791F} – C:WINDOWSSystem32lkgncmb.dll (file missing)
O4 – HKLM..Run: [Windows ControlAd] C:Program FilesWindows ControlAdWinCtlAd.exe
O4 – HKLM..Run: [IST Service] C:Program FilesISTsvcistsvc.exe
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://public.windupdates.com/get_file.php?bt=ie&p=580b654524d68b23906b34a03fd33a9de69f5f922a0754ee169442922e3e48cbd7605b04e0917847f89efa8e422ece1a819f5daf9328:5db0f34c35fd827de7642452ea30b3de
O16 – DPF: {386A771C–E96A–421F–8BA7–32F1B706892F} (Installer Class) – http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 – DPF: {771A1334–6B08–4A6B–AEDC–CF994BA2CEBE} (Installer Class) – http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O18 – Filter: text/html – {89B60FBD–C7D2–417D–BA16–C89D5551FF5E} – C:WINDOWSSystem32lkgncmb.dll
O18 – Filter: text/plain – {89B60FBD–C7D2–417D–BA16–C89D5551FF5E} – C:WINDOWSSystem32lkgncmb.dll
I don't see a reference in the log to: BullsEye Network
Delete the directory: C:\Program Files\BullsEye Network
You can now turn System Restore back on
Logfile of HijackThis v1.98.2
Scan saved at 14:53:46, on 2004–12–14
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesISTsvcistsvc.exe
C:Program FilesWindows ControlAdWinCtlAdAlt.exe
C: orton avapsvc.exe
C:WINDOWSSystem32 vsvc32.exe
C:Program FilesBullsEye Networkinargains.exe
C:Program FilesWindows ControlAdWinCtlAd.exe
C:WINDOWSexplorer.exe
C:Program FilesBitCometBitComet.exe
C:Program FilesD–Toolsdaemon.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and Settings\_halPulpithijackthisHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://C:DOCUME~1\_halUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = file://C:DOCUME~1\_halUSTAWI~1Tempsp.html
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://C:DOCUME~1\_halUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = file://C:DOCUME~1\_halUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://C:DOCUME~1\_halUSTAWI~1Tempsp.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://C:DOCUME~1\_halUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = http://www.google.pl/
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: Search Relevancy – {1D7E3B41–23CE–469B–BE1B–A64B877923E1} – C:PROGRA~1SEARCH~1SEARCH~1.DLL (file missing)
O2 – BHO: (no name) – {52DC9EC1–35A9–4914–98D9–D568A9854DA2} – C:WINDOWSSystem32yesabi.dll
O2 – BHO: HBO Class – {5321E378–FFAD–4999–8C62–03CA8155F0B3} – C:WINDOWSinet100551.02.05.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FLASHGETjccatch.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C: ortonNavShExt.dll
O2 – BHO: (no name) – {DD3468B4–D0ED–D5FC–B2E9–F6830EA3886B} – C:WINDOWSSystem32 ixigaf.dll
O2 – BHO: (no name) – {E4C14BDE–E448–4727–867F–CCFCA70B791F} – C:WINDOWSSystem32lkgncmb.dll (file missing)
O2 – BHO: ADP UrlCatcher Class – {F4E04583–354E–4076–BE7D–ED6A80FD66DA} – C:WINDOWSSystem32msbe.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETfgiebar.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C: ortonNavShExt.dll
O4 – HKLM..Run: [Windows ControlAd] C:Program FilesWindows ControlAdWinCtlAd.exe
O4 – HKLM..Run: [IST Service] C:Program FilesISTsvcistsvc.exe
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:PROGRA~1FLASHGETjc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:PROGRA~1FLASHGETjc_all.htm
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://public.windupdates.com/get_file.php?bt=ie&p=580b654524d68b23906b34a03fd33a9de69f5f922a0754ee169442922e3e48cbd7605b04e0917847f89efa8e422ece1a819f5daf9328:5db0f34c35fd827de7642452ea30b3de
O16 – DPF: {386A771C–E96A–421F–8BA7–32F1B706892F} (Installer Class) – http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 – DPF: {771A1334–6B08–4A6B–AEDC–CF994BA2CEBE} (Installer Class) – http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O17 – HKLMSystemCCSServicesTcpip..{4CFCFCC7–0FE4–4E6F–8B3E–5364CFF897E5}: NameServer = 81.210.89.235,195.114.173.153
O17 – HKLMSystemCS1ServicesTcpip..{4CFCFCC7–0FE4–4E6F–8B3E–5364CFF897E5}: NameServer = 81.210.89.235,195.114.173.153
O17 – HKLMSystemCS2ServicesTcpip..{4CFCFCC7–0FE4–4E6F–8B3E–5364CFF897E5}: NameServer = 81.210.89.235,195.114.173.153
O18 – Filter: text/html – {89B60FBD–C7D2–417D–BA16–C89D5551FF5E} – C:WINDOWSSystem32lkgncmb.dll
O18 – Filter: text/plain – {89B60FBD–C7D2–417D–BA16–C89D5551FF5E} – C:WINDOWSSystem32lkgncmb.dll
I think this is what you meant :)
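A small parser for the log format posted above, added here as an illustration and not part of the original thread or of HijackThis: it groups R*/O* entries by section and attaches reviewer hints for patterns that recur in the fix list (missing target file, unnamed BHO, IE page pointing at a file under Temp). The hint rules and the sample log are assumptions constructed for this example.

```python
import re

# Section codes seen in the log above, with their usual HijackThis meanings.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry (Run key)", "O8": "IE context-menu item",
    "O9": "IE extra button / Tools item", "O16": "ActiveX (Downloaded Program Files)",
    "O17": "DNS / name-server setting", "O18": "protocol or MIME filter",
}

# Accept both "-" and the typographic "–" that forum software substitutes.
ENTRY = re.compile(r"^([RO]\d{1,2})\s+[-–]\s+(.*)$")

def parse(log):
    """Return (code, body) for every R*/O* entry; header and process lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, map(str.strip, log.splitlines())) if m]

def hints(code, body):
    """Reviewer hints only (assumed heuristics); a human still decides what to fix."""
    low, found = body.lower(), []
    if "(file missing)" in low:
        found.append("target file missing")
    if code == "O2" and "(no name)" in low:
        found.append("unnamed BHO")
    if code in ("R0", "R1") and "file://" in low and "temp" in low:
        found.append("IE page set to a local file under Temp")
    return found

def triage(log):
    """Map each flagged entry to (section meaning, hints)."""
    return {f"{c} {b}": (SECTIONS.get(c, "unknown section"), h)
            for c, b in parse(log) if (h := hints(c, b))}

# Constructed sample in HijackThis layout; paths, CLSID and URL are placeholders.
SAMPLE = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\explorer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 – BHO: (no name) – {00000000-0000-0000-0000-000000000001} – C:\WINDOWS\System32\example.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
"""

if __name__ == "__main__":
    for entry, (meaning, found) in triage(SAMPLE).items():
        print(f"[{meaning}] {entry}\n    -> {', '.join(found)}")
```

The hints only narrow down what to look at; entries such as the autostart lines in the fix list carry no textual marker and still need a person to recognise them.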
kabu: If that doesn't help, paste the HJT log
(how do I do that ??)
How many more times today will I manage to write that you will find out everything by going to the security section and the pinned topic about HijackThis there
Ad-Aware didn't help :(
(how do I do that ??)
If that doesn't help, paste the HJT log
(how do I do that ??)
First scan with Ad-Aware SE with an up-to-date database
PS: Close the browser windows
If that doesn't help, paste the HJT log