Requesting analysis
Here is my friend's log. Please analyze it. To my eye there is a fair bit to throw out, but I'm not yet as proficient at this kind of analysis as some of the forum members.
So here is the log:
Logfile of HijackThis v1.98.1
Scan saved at 10:33:41, on 2005-02-09
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Moje dokumenty\DOKUMENTY\Bezpieczeństwo\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50193
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5A204B0-C37A-475E-96C4-DBBD724AFE19}: NameServer = 217.17.34.10,213.17.178.186
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll

Regards,
Lia
Replies: 2
Thank you on my friend's behalf. It helped! Not quite the way you advised, but it did the job, and the junk is gone.
Turn off System Restore.
End these processes:
TBPS.exe
PIB.exe
WToolsA.exe
WSup.exe
Download the New.Net uninstaller:
http://www.new.net/support/uninstall6_38.exe and, of course, run it.
To delete from the HDD:
C:\PROGRA~1\Toolbar
C:\Program Files\MyWay
C:\Program Files\NewDotNet
C:\PROGRA~1\COMMON~1\WinTools
FIX:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50193
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll