CentrumXP Forum Tematyka portalu CentrumXP.pl Bezpieczeństwo Jak zlikwidować STARTNOW.HYPERBAR???

Jak zlikwidować STARTNOW.HYPERBAR???

Moj program antywirusowy (Ad–Aware SE Personal)znalazl wirusa startnow.hyperBar zupelnei nie wiem jak mam sobi z nim poradzic. nie moge wejsc na niektore strony bo wyswietla sie strona startnow.com. pozatym przez to chyba nie dziala mi poprawnie IE, a teraz juz nawet gg. wydaje mi sie jakby wtedy kiedy moj program chcial go usunac, on sie aktywowal... czym moge go zwalczyc? czy odrazu dzwonic po informatyka??

Odpowiedzi: 5

Sorry Netspirit źe zmieniłem Tobie płeć, chyba mi wybaczysz co :wink:

Wyłącz Marta przywracanie systemu,
Zakończ procesy w Mgr Zadań :

Inforef.exe (jeśli jest)
BendMfcd.exe (j/w)
Tvm.exe (j/w)
WaveRoad.exe(j/w)

Wyszuaj pliki w/w zaznaczają ukryte i je usuń,
Sciągnij ten Remover i go uźyj :

http://www.new.net/support/uninstall6_38.exe.

Wyszukaj następujące pliki na dysku i je usuń :

HyperbarSS3.dll ( w razie problemów wyrejestruj bibliotekę w Uruchom poleceniem Regserv32 /u HyperbarSS3.dll )
newdotnet6_38.dll (gdyby jeszcze był)
NEWDOT~2.DLL (gdyby jeszcze był)

Napraw ( Fix checked ) :
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://minisearch.startnow.com/
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://minisearch.startnow.com/
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://minisearch.startnow.com
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://minisearch.startnow.com
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://minisearch.startnow.com/
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.startnow.com
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://minisearch.startnow.com
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://minisearch.startnow.com
R1 – HKLMSoftwareMicrosoftInternet ExplorerSearch,Default_Search_URL = http://minisearch.startnow.com
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://minisearch.startnow.com
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://minisearch.startnow.com
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = "%1" /S
R1 – HKLMSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = "%1" /S
R3 – URLSearchHook: HyperSearchHook – {F78C3404–20AF–460F–BAE1–30F4F0F9064A} – C:Program FilesCommon FilesHyperbarHyperbarSS3.dll
O2 – BHO: URLLink Class – {4A2AACF3–ADF6–11D5–98A9–00E018981B9E} – C:Program FilesNewDotNet ewdotnet6_38.dll
O2 – BHO: HyperBHO – {4B2F5308–2CB0–40E2–8030–59936ED5D22C} – C:Program FilesCommon FilesHyperbarHyperbar.dll (file missing)
O2 – BHO: (no name) – {4FC95EDD–4796–4966–9049–29649C80111D} – (no file)
O2 – BHO: (no name) – {A99E1618–98EC–98F3–7B56–50D9B27636B8} – C:DOCUME~1 estDANEAP~1ONCECL~1Inforef.exe
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..Run: [New.net Startup] rundll32 C:PROGRA~1NEWDOT~1NEWDOT~2.DLL,NewDotNetStartup –s
O4 – HKLM..Run: [Bib City Info Window] C:Documents and SettingsAll UsersDane aplikacjiSoft drv bib cityBendMfcd.exe
O4 – HKLM..Run: [TV Media] C:Program FilesTV MediaTvm.exe
O4 – HKCU..Run: [BASE FREE] C:DOCUME~1 estDANEAP~1COALVG~1WaveRoad.exe
O4 – HKCU..Run: [TV Media] C:Program FilesTV MediaTvm.exe
O9 – Extra button: (no name) – {CD67F990–D8E9–11d2–98FE–00C0F0318AFE} – (no file)
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net

Włącz przywracanie systemu.
Jeśli wszystko dobrze zrobisz to problem zostanie rozwiązany.
McScr@by
Dodano
02.01.2005 13:40:32
zainstalowalam program hijack this. i o to co zapisalne zostalo w notatniku:

Logfile of HijackThis v1.99.0
Scan saved at 11:19:09, on 2005–01–02
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:WINDOWSSystem32spooldriversw32x863hpztsb05.exe
D:WinampWinampa.exe
C:Program FilesJavaj2re1.4.2_04injusched.exe
C:WINDOWSSystem32 undll32.exe
C:Program FilesPanda SoftwarePanda Antivirus PlatinumAPVXDWIN.EXE
C:WINDOWSSystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesDeluxPS2 Keyboard English Editionkeyboard.exe
D:SpywareGuardsgmain.exe
C:WINDOWSSystem32Ati2evxx.exe
C:Program FilesPanda SoftwarePanda Antivirus PlatinumFirewallPavFires.exe
C:Program FilesPanda SoftwarePanda Antivirus Platinumpavsrv51.exe
C:Program FilesPanda SoftwarePanda Antivirus PlatinumAVENGINE.EXE
D:SpywareGuardsgbhp.exe
C:Program FilesPanda SoftwarePanda Antivirus PlatinumpavProxy.exe
C:WINDOWSSystem32wuauclt.exe
C:Program FilesInternet Exploreriexplore.exe
D:Program FilesHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://minisearch.startnow.com/
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://minisearch.startnow.com/
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.o2.pl/
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://minisearch.startnow.com
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://minisearch.startnow.com
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://minisearch.startnow.com/
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.startnow.com
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://minisearch.startnow.com
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://minisearch.startnow.com
R1 – HKLMSoftwareMicrosoftInternet ExplorerSearch,Default_Search_URL = http://minisearch.startnow.com
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://minisearch.startnow.com
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://minisearch.startnow.com
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = "%1" /S
R1 – HKLMSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = "%1" /S
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – URLSearchHook: HyperSearchHook – {F78C3404–20AF–460F–BAE1–30F4F0F9064A} – C:Program FilesCommon FilesHyperbarHyperbarSS3.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 5.0 CEReaderActiveXAcroIEHelper.ocx
O2 – BHO: URLLink Class – {4A2AACF3–ADF6–11D5–98A9–00E018981B9E} – C:Program FilesNewDotNet ewdotnet6_38.dll
O2 – BHO: SpywareGuard Download Protection – {4A368E80–174F–4872–96B5–0B27DDD11DB2} – D:SpywareGuarddlprotect.dll
O2 – BHO: HyperBHO – {4B2F5308–2CB0–40E2–8030–59936ED5D22C} – C:Program FilesCommon FilesHyperbarHyperbar.dll (file missing)
O2 – BHO: (no name) – {4FC95EDD–4796–4966–9049–29649C80111D} – (no file)
O2 – BHO: (no name) – {A99E1618–98EC–98F3–7B56–50D9B27636B8} – C:DOCUME~1 estDANEAP~1ONCECL~1Inforef.exe
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O4 – HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 – HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb05.exe
O4 – HKLM..Run: [WinampAgent] "D:WinampWinampa.exe"
O4 – HKLM..Run: [NeroCheck] C:WINDOWSSystem32NeroCheck.exe
O4 – HKLM..Run: [RealJukeboxSystray] D:RealJukebox systray.exe
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_04injusched.exe
O4 – HKLM..Run: [New.net Startup] rundll32 C:PROGRA~1NEWDOT~1NEWDOT~2.DLL,NewDotNetStartup –s
O4 – HKLM..Run: [SCANINICIO] "C:Program FilesPanda SoftwarePanda Antivirus PlatinumInicio.exe"
O4 – HKLM..Run: [APVXDWIN] "C:Program FilesPanda SoftwarePanda Antivirus PlatinumAPVXDWIN.EXE" /s
O4 – HKLM..Run: [Bib City Info Window] C:Documents and SettingsAll UsersDane aplikacjiSoft drv bib cityBendMfcd.exe
O4 – HKLM..Run: [TV Media] C:Program FilesTV MediaTvm.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [Komunikator] D: len len.exe
O4 – HKCU..Run: [Yahoo! Pager] C:Program FilesYahoo!Messengerypager.exe –quiet
O4 – HKCU..Run: [BASE FREE] C:DOCUME~1 estDANEAP~1COALVG~1WaveRoad.exe
O4 – HKCU..Run: [TV Media] C:Program FilesTV MediaTvm.exe
O4 – HKCU..Run: [Gadu–Gadu] "D:Gadu–Gadugg.exe" /tray
O4 – Startup: SpywareGuard.lnk = D:SpywareGuardsgmain.exe
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 – Global Startup: PS2 Keyboard English Edition.lnk = ?
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:Program FilesJavaj2re1.4.2_04in pjpi142_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:Program FilesJavaj2re1.4.2_04in pjpi142_04.dll
O9 – Extra button: (no name) – {CD67F990–D8E9–11d2–98FE–00C0F0318AFE} – (no file)
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLMSystemCCSServicesTcpip..{46EC2E6B–E144–476F–9635–9658082D0FC2}: NameServer = 10.100.0.254,194.204.152.34
O17 – HKLMSystemCS1ServicesTcpip..{46EC2E6B–E144–476F–9635–9658082D0FC2}: NameServer = 10.100.0.254,194.204.152.34
O17 – HKLMSystemCS2ServicesTcpip..{46EC2E6B–E144–476F–9635–9658082D0FC2}: NameServer = 10.100.0.254,194.204.152.34
O23 – Service: Ati HotKey Poller – Unknown – C:WINDOWSSystem32Ati2evxx.exe
O23 – Service: ATI Smart – Unknown – C:WINDOWSsystem32ati2sgag.exe
O23 – Service: Panda Firewall Service – Unknown – C:Program FilesPanda SoftwarePanda Antivirus PlatinumFirewallPavFires.exe
O23 – Service: Panda anti–virus service – Unknown – C:Program FilesPanda SoftwarePanda Antivirus Platinumpavsrv51.exe
netspirit
Dodano
02.01.2005 12:24:58
Pierwszy przyklejony temat w tym dziale.
wins
Dodano
02.01.2005 03:24:33
dzieki bardzo, ale ta stronka jest po angielsku...:/
a co do HJT, mozesz mi napisac jak Wam pokazac ten dziennik? jutro to zrobie

pozdrawiam, Marta
netspirit
Dodano
02.01.2005 01:51:55
Program antywirusowy Ad–Adware, niech będzie i tak.

Info jak usunąc jest tutaj :

:arrow: http://antispyware.stompsoft.com/s/startnow_hyperbar.asp

Gdy nie będziesz umiał sobie poradzić moźesz pokazać dziennik z HJT.
McScr@by
Dodano
02.01.2005 01:38:39
netspirit
Dodano:
02.01.2005 01:29:01
Komentarzy:
5
Strona 1 / 1