Please check my log

Hi! A few days ago SpySheriff latched onto my machine. I managed to get the wallpaper under control and the desktop no longer flickers, but it still wants to scan, and I have red crosses in the taskbar. It looks like an advert for the "Polish Red Cross", and I'd like it back the way it used to be :) On top of that it slows down my computer etc. Please check the log, because I've run out of creative ideas and don't know what to do with it.

Logfile of HijackThis v1.99.1
Scan saved at 18:53:36, on 2005-09-21
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Avrgmbh\Mfhh.exe
C:\Program Files\Winamp\winampa.exe
C:\windows\system32\mdms.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\tool2.exe
C:\winstall.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\System32\msvc.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Monika\USTAWI~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.dnet.pl/wpad.dat
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - C:\WINDOWS\system32\appwiz.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SiSSetCDfmt] C:\WINDOWS\System32\SetCDfmt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hez] C:\WINDOWS\hez.exe
O4 - HKLM\..\Run: [Hpnerih] C:\Program Files\Avrgmbh\Mfhh.exe
O4 - HKLM\..\Run: [bib5iarc] C:\WINDOWS\System32\bib5iarc.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Microsoft Windows Driver Services] ethernet.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msoffice32.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\RunServices: [Microsoft Windows Driver Services] ethernet.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\tool2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/23dc436b3b07942a1215/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O21 - SSODL: SysTray.Exlv - {5368DCFC-4F5C-4f5b-B134-E67294FC78E9} - C:\WINDOWS\System32\glnlqjbo.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Replies: 5

I'll keep it short:
thanks :)
moniur
Posted
23.09.2005 23:11:23
SpySheriff isn't the only thing you have on the system.
- turn off System Restore
- boot the system in Safe Mode
- get rid of the following; uninstall New.Net from Add/Remove Programs:

C:\WINDOWS\System32\msvc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.dnet.pl/wpad.dat

R3 - Default URLSearchHook is missing
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - C:\WINDOWS\system32\appwiz.dll
O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll
O4 - HKLM\..\Run: [hez] C:\WINDOWS\hez.exe
O4 - HKLM\..\Run: [Hpnerih] C:\Program Files\Avrgmbh\Mfhh.exe
O4 - HKLM\..\Run: [bib5iarc] C:\WINDOWS\System32\bib5iarc.exe
O4 - HKLM\..\Run: [Microsoft Windows Driver Services] ethernet.exe
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msoffice32.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\RunServices: [Microsoft Windows Driver Services] ethernet.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\tool2.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/23dc436b3b07942a1215/netzip/RdxIE601.cab
O21 - SSODL: SysTray.Exlv - {5368DCFC-4F5C-4f5b-B134-E67294FC78E9} - C:\WINDOWS\System32\glnlqjbo.dll

DAP leftovers:
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

Crappy iMesh, uninstall it:
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL

Real's toolbar, throw it out:
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll

What you owe this mess on your system to:
- no Service Packs and probably no critical patches
- no antivirus program
Look into the Repsamo trojan, more specifically its registry entries and the file it additionally leaves on the disk; details are in the archive.
After the cleanup, post a control log if need be, or compare it with what I told you to cut out.
Bobi
Posted
22.09.2005 15:32:20
cybull:

Yes, I did use that, but if I knew what to remove I wouldn't be here. I have about 30 wild entries but I don't know which one is responsible for the sheriff. :lol:
moniur
Posted
22.09.2005 11:45:24
cybull
Posted
22.09.2005 00:57:23
moniur
Posted:
22.09.2005 00:19:44