SPYSHERIFF strikes again!!
Experts!! What do I have to cross off the list to get rid of these worms?!
I managed to get rid of the text on the desktop (with KillAD), but I still can't turn on Task Manager, and as soon as I bring up the network the sheriff messes things up again.
What do I do?!
Here is the list from HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 00:45:57, on 2005-08-06
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\ThinkPad\TouchBoard\LOGONCMD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\TouchBoard\touchbrd.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\tp4mon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\UPDD\TBSysTry.exe
C:\WINDOWS\System32\Atiptaxx.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINDOWS\System32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\WINDOWS\System32\kernels32.exe
C:\Program Files\IBM\IBM Ink Manager Pro\InkXfer.exe
C:\WINDOWS\System32\tsproto.exe
C:\Program Files\IBM\IBM Ink Manager Pro\pim.exe
C:\WINDOWS\System32\ltcm000c.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ThinkPad\Utilities\tponscr.exe
C:\WINDOWS\System32\qkshoubn.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ACD Systems\ImageFox\ImageFox.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\PowerArchiver\POWERARC.EXE
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Slawus\Pulpit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4041
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4041
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStartEnter/Portal/portal.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 82.179.166.164 lender-search.com
O1 - Hosts: 82.179.166.165 hot-searches.com
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\IEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O2 - BHO: WHttpHelper Class - {9896231A-C487-43A5-8369-6EC9B0A96CC0} - C:\WINDOWS\System32\WStart.dll (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [TBSysTry] C:\Program Files\UPDD\TBSysTry.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - HKLM\..\Run: [Ink Transfer] C:\Program Files\IBM\IBM Ink Manager Pro\InkXfer.exe
O4 - HKLM\..\Run: [Ink QuickNote] C:\Program Files\IBM\IBM Ink Manager Pro\reminder.exe
O4 - HKLM\..\Run: [Ink PIM] C:\Program Files\IBM\IBM Ink Manager Pro\pim.exe
O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [qArb6jR] C:\WINDOWS\gkcur.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [qkshoubn] C:\WINDOWS\System32\qkshoubn.exe
O4 - HKLM\..\RunOnce: [DeleteYourSiteBar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\YourSiteBar\ysb.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE" -turbo
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\System32\vxh8jkdq2.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\symcsvc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ImageFox.lnk = ?
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .fpx: C:\Program Files\Internet Explorer\PLUGINS\NPRVRT32.dll
O12 - Plugin for .ivr: C:\Program Files\Internet Explorer\PLUGINS\NPRVRT32.dll
O12 - Plugin for .MOV: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {0006F063-0000-0000-C000-000000000046} (Microsoft Outlook View Control) - http://activex.microsoft.com/activex/controls/office/outlctlx.CAB
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab?url=http://martenek.com/ThumbnailFrame.html
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebcam/eng5/common/AXWebMonProj1.cab
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://207.229.32.203:20099/VatDec.cab
O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.mgisoft.com/ActiveX/LPControl.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.113.232.40/activex/AxisCamControl.cab
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://wrosystem.um.wroc.pl/kamera/wg_webeye.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://207.229.32.203:20099/h263ctrl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINDOWS\System32\xplugin.dll
O21 - SSODL: System - {D33A4D9D-78E9-4E96-B792-1FEEDF7B98F7} - vr_sys.dll (file missing)
O23 - Service: IBM PM Service (IBMPMSVC) - IBM Corp. - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Logon CMD (logoncmd) - Unknown owner - C:\Program Files\ThinkPad\TouchBoard\LOGONCMD.exe
Experts, help a painter :!: ... my brush is going to dry out :(
Replies: 5
macko: how can you protect yourself from this filth? Is Kaspersky's monitoring enough? Or maybe using Mozilla?
You can't protect yourself 100%, but clicking links carefully and not downloading just anything from the net is the foundation.
Firefox/Opera is a very good solution, plus frequent visits to Windows Update.
Glad I could help.
HALLELUJAH!!!
BOBI, you're a genius!!
thanks
It works! No sheriff!! No text!! Task Manager works! I can paint again
I owe you a large beer!!
One more little question: how can you protect yourself from this filth? Is Kaspersky's monitoring enough? Or maybe using Mozilla?
regards
thanks a lot :lol:
The log is clean now; the disabled Task Manager is covered in the pinned FAQ in the XP section.
I take it the wallpaper is gone; are there any other restrictions left?
Look for them in the subkeys of the key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
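The symptom the user reports in this thread (Task Manager "disabled by the administrator" on his own account, but working under the Administrator account) is exactly what a per-user restriction under HKCU\...\Policies produces, which is why the advice points at that key. The script below is an added example for this page, not code from the thread or from any tool mentioned in it. It assumes the key was exported with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies" policies.reg`, parses that text, lists every restriction value found, and builds the .reg file that removes them (the `"name"=-` syntax deletes a value). The KNOWN descriptions and SAMPLE_REG are constructed for illustration; `reg export` writes UTF-16, which load_reg() accounts for.

```python
"""List per-user restrictions in an exported HKCU Policies key and build
the .reg that lifts them.

Added example, not part of the original thread. Assumes the key was
exported with:  reg export "HKCU\...\CurrentVersion\Policies" policies.reg
SAMPLE_REG and the KNOWN table are constructed for illustration.
"""
import re
from collections import OrderedDict

POLICIES_ROOT = r"hkey_current_user\software\microsoft\windows\currentversion\policies"

# What the restriction values most often planted by hijackers do to the user.
KNOWN = {
    "disabletaskmgr": "Task Manager refuses to start ('disabled by your administrator')",
    "disableregistrytools": "regedit refuses to start",
    "nodispbackgroundpage": "Desktop background tab hidden in Display Properties",
    "noactivedesktopchanges": "Active Desktop (HTML wallpaper) locked",
    "norun": "Run command removed from the Start menu",
}

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                      # [key] or [-key]
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')  # "name"=... or @=...


def parse_reg(text):
    """Return {key: {value_name: value}} for a v5 .reg export.

    DWORDs come back as int, strings unescaped, anything else (hex:, etc.)
    as the raw token. Multi-line hex continuations are joined first.
    """
    joined = re.sub(r",\\\r?\n\s*", ",", text)
    keys, current = OrderedDict(), None
    for line in joined.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:                       # a [-key] line deletes a key; nothing to read under it
            current = None if m.group(1) else m.group(2)
            if current is not None:
                keys.setdefault(current, OrderedDict())
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue
        name = m.group(1) if m.group(1) is not None else ""   # "" is the (Default) value
        raw = m.group(2)
        if raw.startswith("dword:"):
            value = int(raw[6:], 16)
        elif raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        else:
            value = raw
        keys[current][name] = value
    return keys


def find_restrictions(reg_text):
    """Every value under the Policies root except DWORDs explicitly set to 0."""
    hits = []
    for key, values in parse_reg(reg_text).items():
        if not key.lower().startswith(POLICIES_ROOT):
            continue
        for name, value in values.items():
            if not (isinstance(value, int) and value == 0):
                hits.append((key, name, value))
    return hits


def describe(name):
    return KNOWN.get(name.lower(), "unknown restriction; look it up before clearing it")


def undo_reg(hits):
    """A .reg file that deletes each listed value ('name'=- removes a value)."""
    by_key = OrderedDict()
    for key, name, _ in hits:
        by_key.setdefault(key, []).append(name)
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, names in by_key.items():
        out.append(f"[{key}]")
        out.extend(f'"{n}"=-' for n in names)
        out.append("")
    return "\n".join(out)


def load_reg(path):
    """reg export writes UTF-16 with a BOM; read it as such."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()


# Constructed export, not taken from the machine in this thread.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001
"Wallpaper"="C:\\WINDOWS\\desktop.html"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000000
"NoDispBackgroundPage"=dword:00000001
"NoActiveDesktopChanges"=dword:00000001
"""

if __name__ == "__main__":
    found = find_restrictions(SAMPLE_REG)
    for key, name, value in found:
        subkey = key.rsplit("\\", 1)[-1]
        print(f"{subkey}\\{name} = {value!r}: {describe(name)}")
    print(undo_reg(found))
```

Run the produced .reg with `regedit /s`, or just delete the values in regedit; either way do it under the affected account, since the key is per-user. A zero DWORD is a policy deliberately switched off and is left alone.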
I did it according to the instructions, in Safe Mode with System Restore turned off... but something is still sitting there, because I can't start Task Manager: it says it has been disabled by the administrator... unless there's another way than Ctrl+Alt+Del and Ctrl+Shift+Esc... although I somehow got into the Administrator account and Task Manager works there, so maybe the rascal created that account and lowered the permissions on mine?! Then maybe I'll just move over to his :)
And check whether the log is OK now
This is what the log looks like now:
Logfile of HijackThis v1.99.1
Scan saved at 13:00:41, on 2005-08-06
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\ThinkPad\TouchBoard\LOGONCMD.exe
C:\Program Files\ThinkPad\TouchBoard\touchbrd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tp4mon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\UPDD\TBSysTry.exe
C:\WINDOWS\System32\Atiptaxx.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINDOWS\System32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\Program Files\IBM\IBM Ink Manager Pro\InkXfer.exe
C:\Program Files\IBM\IBM Ink Manager Pro\pim.exe
C:\WINDOWS\System32\ltcm000c.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\tsproto.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ACD Systems\ImageFox\ImageFox.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Programy\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\IEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [TBSysTry] C:\Program Files\UPDD\TBSysTry.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - HKLM\..\Run: [Ink Transfer] C:\Program Files\IBM\IBM Ink Manager Pro\InkXfer.exe
O4 - HKLM\..\Run: [Ink QuickNote] C:\Program Files\IBM\IBM Ink Manager Pro\reminder.exe
O4 - HKLM\..\Run: [Ink PIM] C:\Program Files\IBM\IBM Ink Manager Pro\pim.exe
O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE" -turbo
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ImageFox.lnk = ?
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O12 - Plugin for .fpx: C:\Program Files\Internet Explorer\PLUGINS\NPRVRT32.dll
O12 - Plugin for .ivr: C:\Program Files\Internet Explorer\PLUGINS\NPRVRT32.dll
O12 - Plugin for .MOV: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0006F063-0000-0000-C000-000000000046} (Microsoft Outlook View Control) - http://activex.microsoft.com/activex/controls/office/outlctlx.CAB
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebcam/eng5/common/AXWebMonProj1.cab
O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.mgisoft.com/ActiveX/LPControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: IBM PM Service (IBMPMSVC) - IBM Corp. - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Logon CMD (logoncmd) - Unknown owner - C:\Program Files\ThinkPad\TouchBoard\LOGONCMD.exe
Turn off System Restore.
End these processes:
kernels32.exe
qkshoubn.exe
bargains.exe
Uninstall the New.Net spyware/slowdown from Add/Remove Programs, and any other programs from the list below if they are there.
Tick and remove the entries; delete the files/folders marked in bold from the disk by hand:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4041
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4041
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStartEnter/Portal/portal.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
Delete that value by hand from the key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 82.179.166.164 lender-search.com
O1 - Hosts: 82.179.166.165 hot-searches.com
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O2 - BHO: WHttpHelper Class - {9896231A-C487-43A5-8369-6EC9B0A96CC0} - C:\WINDOWS\System32\WStart.dll (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [qArb6jR] C:\WINDOWS\gkcur.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [qkshoubn] C:\WINDOWS\System32\qkshoubn.exe
O4 - HKLM\..\RunOnce: [DeleteYourSiteBar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\YourSiteBar\ysb.dll"
O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\System32\vxh8jkdq2.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\symcsvc.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
Remove only the ones that aren't yours, the ones you don't recognise:
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab?url=http://martenek.com/ThumbnailFrame.html
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebcam/eng5/common/AXWebMonProj1.cab
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://207.229.32.203:20099/VatDec.cab
O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.mgisoft.com/ActiveX/LPControl.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.113.232.40/activex/AxisCamControl.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://207.229.32.203:20099/h263ctrl.cab
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINDOWS\System32\xplugin.dll
O21 - SSODL: System - {D33A4D9D-78E9-4E96-B792-1FEEDF7B98F7} - vr_sys.dll (file missing)
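The judgement behind the removal list above (and the triage of the first log at the top of the thread) can be made repeatable. The script below is an added example written for this page; it is not code from the thread, from HijackThis, or from any product named here. It parses a HijackThis 1.99 log and flags the same classes of entry the helper picked out: a hosts file moved out of drivers\etc, an extra program on the Shell= line, Run entries named after Windows components, a svchost.exe living outside System32, Trusted Zone padding, ActiveX controls fetched over ms-its: or from a bare IP, a text/html MIME filter, a Winsock LSP (the O10 lines), and BHO/SSODL registrations whose DLL is gone. The rule names and reason strings are my own; SAMPLE_LOG is a constructed subset of the log posted in this thread with the hyphens restored.

```python
"""Triage a HijackThis 1.99 log for the hijack indicators used in this thread.

Added example, not part of the original post. The rules encode what the
helper flagged above; their wording and thresholds are this example's own.
SAMPLE_LOG is a constructed subset of the thread's log.
"""
import ntpath
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

SYSTEM_HOSTS = r"c:\windows\system32\drivers\etc\hosts"
SYSTEM32 = r"c:\windows\system32"
LOOPBACK = {"127.0.0.1", "::1"}
DECOY_RUN_NAMES = {"system", "windowsupdate", "windows update", "windows installer"}
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def exe_path(cmd):
    """First token of a Run command line, honouring a quoted path."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0] if cmd.split() else ""


def check_line(sec, body):
    """Reason this HijackThis line deserves attention, or None if it looks benign."""
    low = body.lower()
    if sec == "F2" and "shell=" in low:
        if low.split("shell=", 1)[1].split() != ["explorer.exe"]:
            return "Shell= starts an extra program at every logon"
    elif sec == "R1" and "proxyoverride" in low and "*" in body:
        return "ProxyOverride wildcard sends listed domains around the proxy (review)"
    elif sec == "O1":
        if low.startswith("hosts file is located at:"):
            if body.split(":", 1)[1].strip().lower() != SYSTEM_HOSTS:
                return "hosts file relocated; the resolver reads a file the user never looks at"
        elif low.startswith("hosts:"):
            parts = body.split()
            if len(parts) > 1 and parts[1] not in LOOPBACK:
                return "hosts entry pins a domain to an attacker-chosen address"
    elif sec == "O4":
        m = RUN_RE.search(body)
        if m:
            directory, exe = ntpath.split(exe_path(m.group("cmd")))
            if m.group("name").lower() in DECOY_RUN_NAMES:
                return "Run entry borrows a Windows component name"
            if exe.lower() in SYSTEM_BINARIES and directory.lower() != SYSTEM32:
                return "system binary name outside System32"
    elif sec == "O10":
        return "Winsock LSP inserted; remove via the product's uninstaller, not by deleting the DLL"
    elif sec == "O15":
        return "Trusted Zone entry drops IE security for this site"
    elif sec == "O16":
        url = body.rsplit(" - ", 1)[-1]
        if url.lower().startswith("ms-its:"):
            return "ms-its: URL pulls an executable out of a remote CHM"
        if IPV4_RE.match(urlsplit(url).hostname or ""):
            return "ActiveX control served from a bare IP address (review)"
    elif sec == "O18" and low.startswith("filter: text/html"):
        return "text/html MIME filter can rewrite every page IE renders"
    elif sec in {"O2", "O9", "O21"} and ("(file missing)" in low or "(no file)" in low):
        return "orphaned registration; the loader keeps looking for a DLL that is gone"
    elif sec == "O21":
        return "ShellServiceObjectDelayLoad DLL is loaded into Explorer at logon"
    return None


def triage(log_text):
    """Collect Findings from a whole log, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            reason = check_line(m.group("sec"), m.group("body"))
            if reason:
                findings.append(Finding(m.group("sec"), reason, raw.strip()))
    return findings


# Constructed subset of the log posted in this thread (hyphens restored).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 82.179.166.164 lender-search.com
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.ysbweb.com
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://207.229.32.203:20099/VatDec.cab
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINDOWS\System32\xplugin.dll
O21 - SSODL: System - {D33A4D9D-78E9-4E96-B792-1FEEDF7B98F7} - vr_sys.dll (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Feed it a full log with `triage(open("hijackthis.log").read())`. Entries marked "(review)" are not verdicts: a ProxyOverride wildcard or an ActiveX control from a bare IP can be legitimate on a corporate network or a webcam site, which is why the helper wrote "remove only the ones you don't recognise" above the O16 list.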