spyware, adware and probably a bit more besides :(

oh, I guess I do have to do something about this after all :( please help ...
I ran an online scan with Panda (report attached)
I also ran a scan with Ad-Aware SE Personal (screenshots attached)

and here is the HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 13:16:05, on 2005–02–19
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
D:ProgramyNorton Antivirus 2004 PL avapsvc.exe
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSMixer.exe
C:Program FilesPERFECT SERIESOptical Mouse3.0MOUSE32A.EXE
C:WINDOWSSystem32 undll32.exe
C:Program FilesGtdlsqCkrgb.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
D:Programykazaakazaalite.kpp
C:Program FilesInternet Optimizeractalert.exe
C:Program FilesInternet Optimizeractalert.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSSystem32ctfmon.exe
D:ProgramyGadu–Gadugg.exe
C:Program FilesMultimedia Easy Keyboard NTeasykey.exe
D:ProgramyNorton Antivirus 2004 PLSAVScan.exe
D:ProgramyLavasoftAd–Aware SE PersonalAd–Aware.exe
C:WINDOWSexplorer.exe
C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE
D:ProgramyHiJackThisHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=153472
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=153472
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=153472
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = http://www.wp.pl/
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O1 – Hosts: 217.96.35.130 auto.search.msn.com
O2 – BHO: (no name) – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWS em220.dll (file missing)
O2 – BHO: (no name) – {00320615–B6C2–40A6–8F99–F1C52D674FAD} – C:WINDOWSlocalNRD.dll (file missing)
O2 – BHO: C:WINDOWSlbbho.dll – {0182F4ED–D55A–45C7–A93F–EA3718CCBE8C} – C:WINDOWSlbbho.dll
O2 – BHO: (no name) – {4A2AACF3–ADF6–11D5–98A9–00E018981B9E} – C:Program FilesNewDotNet ewdotnet4_85.dll
O2 – BHO: (no name) – {AEECBFDA–12FA–4881–BDCE–8C3E1CE4B344} – C:WINDOWSSystem32 vms.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – D:ProgramyNorton Antivirus 2004 PLNavShExt.dll
O2 – BHO: (no name) – {CE188402–6EE7–4022–8868–AB25173A3E14} – C:WINDOWSSystem32mscb.dll
O2 – BHO: (no name) – {F4E04583–354E–4076–BE7D–ED6A80FD66DA} – C:WINDOWSSystem32msbe.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – D:ProgramyNorton Antivirus 2004 PLNavShExt.dll
O4 – HKLM..Run: [C–Media Mixer] Mixer.exe /startup
O4 – HKLM..Run: [LWBMOUSE] C:Program FilesPERFECT SERIESOptical Mouse3.0MOUSE32A.EXE
O4 – HKLM..Run: [System32] "user32.exe" –user
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [New.net Startup] rundll32 C:PROGRA~1NEWDOT~1NEWDOT~1.DLL,NewDotNetStartup
O4 – HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 – HKLM..Run: [BullsEye Network] C:Program FilesBullsEye Networkinargains.exe
O4 – HKLM..Run: [Internet Optimizer] "C:Program FilesInternet Optimizeroptimize.exe"
O4 – HKLM..Run: [kbgkbapye] C:WINDOWSSystem32zwzrxy.exe
O4 – HKLM..Run: [conscorr] C:WINDOWSconscorr.exe
O4 – HKLM..Run: [Amte] C:WINDOWSaduadx.exe
O4 – HKLM..Run: [Ucxsur] C:Program FilesGtdlsqCkrgb.exe
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [KAZAA] "D:Programykazaakpp.exe" "D:Programykazaakazaalite.kpp" /SYSTRAY
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [ctfmon.exe] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [iIWiper] C:Program FilesiISystem WiperSystemWiper.exe m
O4 – HKCU..Run: [Gadu–Gadu] "D:ProgramyGadu–GaduPowergg.exe" /tray
O4 – Global Startup: Multimedia Easy Keyboard.lnk = C:Program FilesMultimedia Easy Keyboard NTeasykey.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:ProgramyMSOFFI~1OFFICE11EXCEL.EXE/3000
O9 – Extra button: Badanie (HKLM)
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O16 – DPF: {02BCC737–B171–4746–94C9–0D8A0B2C0089} (Microsoft Office Template and Media Control) – http://office.microsoft.com/templates/ieawsdc.cab
O16 – DPF: {166B1BCA–3F9C–11CF–8075–444553540000} (Shockwave ActiveX Control) – http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {33564D57–0000–0010–8000–00AA00389B71} – http://download.microsoft.com/download/F/6/E/F6E491A6–77E1–4E20–9F5F–94901338C922/wmv9VCM.CAB
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {9F1C11AA–197B–4942–BA54–47A8489BB47F} – http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38049.2264236111
O16 – DPF: {A9ED6AA2–D9D4–4D71–9586–E293E2E3580B} (GameDesire Marbies&Diamonds) – http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
O16 – DPF: {AE609930–A6EB–4A78–B7DA–B3200705FEBD} (Mophun Control) – http://www.mophun.com/codebase/mophun.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {F0BC061F–DAF9–4533–8011–53BCB4C10307} (Installations Assistent) – http://install.premiumzone.de/InstallationsAssistent.ocx
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab

when I saw all this I almost fell off my chair :? I have absolutely no idea what to do with all of it now :( :( please help ... :(

Replies: 20

Ania:
I don't have it any more :D

And quite right too, stay well away from that junk
Bobi
Posted
22.02.2005 15:52:03
I don't have it any more :D
Ania
Posted
22.02.2005 15:49:22
Ania:
I hope I won't be showing up in this section again :lol:
While using Kazaa? Want to bet? :P
EL NINO
Posted
22.02.2005 10:28:54
everything is OK now, I was simply deleting them from the quarantine and not from the computer ... phew, I hope I won't be showing up in this section again :lol: thank you all for the help, and above all for the patience :lol:
Ania
Posted
22.02.2005 00:13:52
So manually delete the *.bckp files from one of the Ad-Aware directories
Bobi
Posted
22.02.2005 00:10:19
hmmmm but when I go into the quarantine in Ad-Aware, select those files and click "delete", and then scan again, they are there again !!! :?
Ania
Posted
21.02.2005 23:57:31
It's OK now, but in your place I would also remove these if you don't know what they are:

O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab
O16 – DPF: {AE609930–A6EB–4A78–B7DA–B3200705FEBD} (Mophun Control) – http://www.mophun.com/codebase/mophun.cab
O16 – DPF: {F0BC061F–DAF9–4533–8011–53BCB4C10307} (Installations Assistent) – http://install.premiumzone.de/InstallationsAssistent.ocx


Delete from the quarantine.
EL NINO
Posted
21.02.2005 23:26:46
You got a log in HijackThis. Have you noticed the checkboxes to the left of the entries? Tick them next to the items to be removed and press FIX...


thank you very much :)

this is what my log looks like now:
Logfile of HijackThis v1.97.7
Scan saved at 22:19:27, on 2005–02–21
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
D:ProgramyNorton Antivirus 2004 PL avapsvc.exe
C:WINDOWSSystem32 vsvc32.exe
D:ProgramyNorton Antivirus 2004 PLSAVScan.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSMixer.exe
C:Program FilesPERFECT SERIESOptical Mouse3.0MOUSE32A.EXE
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesMultimedia Easy Keyboard NTeasykey.exe
D:ProgramyHiJackThisHijackThis.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = http://www.wp.pl/
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – D:ProgramyNorton Antivirus 2004 PLNavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – D:ProgramyNorton Antivirus 2004 PLNavShExt.dll
O4 – HKLM..Run: [C–Media Mixer] Mixer.exe /startup
O4 – HKLM..Run: [LWBMOUSE] C:Program FilesPERFECT SERIESOptical Mouse3.0MOUSE32A.EXE
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [KAZAA] "D:Programykazaakpp.exe" "D:Programykazaakazaalite.kpp" /SYSTRAY
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [ctfmon.exe] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [iIWiper] C:Program FilesiISystem WiperSystemWiper.exe m
O4 – HKCU..Run: [Gadu–Gadu] "D:ProgramyGadu–GaduPowergg.exe" /tray
O4 – Global Startup: Multimedia Easy Keyboard.lnk = C:Program FilesMultimedia Easy Keyboard NTeasykey.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:ProgramyMSOFFI~1OFFICE11EXCEL.EXE/3000
O9 – Extra button: Badanie (HKLM)
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 – DPF: {02BCC737–B171–4746–94C9–0D8A0B2C0089} (Microsoft Office Template and Media Control) – http://office.microsoft.com/templates/ieawsdc.cab
O16 – DPF: {166B1BCA–3F9C–11CF–8075–444553540000} (Shockwave ActiveX Control) – http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {33564D57–0000–0010–8000–00AA00389B71} – http://download.microsoft.com/download/F/6/E/F6E491A6–77E1–4E20–9F5F–94901338C922/wmv9VCM.CAB
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {9F1C11AA–197B–4942–BA54–47A8489BB47F} – http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38049.2264236111
O16 – DPF: {A9ED6AA2–D9D4–4D71–9586–E293E2E3580B} (GameDesire Marbies&Diamonds) – http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
O16 – DPF: {AE609930–A6EB–4A78–B7DA–B3200705FEBD} (Mophun Control) – http://www.mophun.com/codebase/mophun.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {F0BC061F–DAF9–4533–8011–53BCB4C10307} (Installations Assistent) – http://install.premiumzone.de/InstallationsAssistent.ocx
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab

I have one more question ... what about all those files I have in quarantine in Ad-Aware SE Personal and Norton ???? (I pasted the screenshots somewhere at the beginning)
Ania
Posted
21.02.2005 23:21:03
Ania:
how am I supposed to remove something like this:
(...)
and I don't know where to look for it
You got a log in HijackThis. Have you noticed the checkboxes to the left of the entries? Tick them next to the items to be removed and press FIX...

You wouldn't be asking such questions if you had read the topic about HijackThis.

Ania:
... god, this is too hard for me
You don't want me to write what you should do with the computer.

P.S. Don't remove the wp.pl entry. Bobik overlooked it.
EL NINO
Posted
21.02.2005 22:41:34
OK Ania, a little lecture with examples, specially for you
E.g.
Say you have this item to remove:
O4 – HKLM..Run: [BullsEye Network] C:Program FilesBullsEye Networkinargains.exe

The whole directory in Program Files is junk, so you delete it in its entirety so that no rubbish is left lying around on the disk; that is, C:\Program Files\BullsEye Network goes in the bin: click on that folder and press Shift + Del
You do this with all the entries that refer to Program Files

Now you have something like this, e.g.
O2 – BHO: (no name) – {CE188402–6EE7–4022–8868–AB25173A3E14} – C:WINDOWSSystem32mscb.dll

You don't delete the whole of system32, because how could you, it's a system directory
You find the file mscb.dll in that folder and bin it

Finally you open HijackThis and, in the window where you run Scan, right afterwards you tick those entries and then click Fix checked

Sorry, but I can't put it any more simply

Update:
This time I was faster, "old geezer" :wink:
And as for WP, as usual: go ahead and nitpick
Bobi
Posted
21.02.2005 22:41:12
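
Bobi's two rules in the post above (an entry pointing into Program Files means the whole program folder goes, an entry pointing into a system directory means only the named file goes) and the re-scan comparison the helpers in this thread do by eye, as an added Python example that is not part of the original thread. The log lines, program names and paths in it are constructed samples with the path separators written out, and `parse_entries`, `persisting` and `cleanup_scope` are hypothetical helper names.

```python
import re

# Section code (R0-R3, F0-F3, O1-O99), a separator that may be an ASCII hyphen
# or the en dash seen in pasted logs, then the rest of the entry.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2})\s*[-\u2013]\s*(.+)$")
# First drive-letter path in an entry that ends in an executable-type extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|ocx)\b", re.IGNORECASE)

# Constructed sample: entries a helper flagged for removal.
FLAGGED = r"""
O4 - HKLM\..\Run: [ExampleAdware] C:\Program Files\ExampleAdware\bin\agent.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\example.dll
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example/
"""

# Constructed sample: the log posted after the "fix" (one flagged entry survived).
RESCAN = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\ctfmon.exe
O4 – HKLM\..\Run: [ExampleAdware] C:\Program Files\ExampleAdware\bin\agent.exe
O4 - HKCU\..\Run: [ExampleTool] C:\WINDOWS\System32\exampletool.exe
"""


def parse_entries(log_text):
    """Return (section_code, body) for every entry line; headers and the
    running-process list carry no section code and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Normalise dashes and whitespace so two pastes of one entry compare equal.
            body = re.sub(r"\s+", " ", m.group(2).replace("\u2013", "-"))
            entries.append((m.group(1), body))
    return entries


def persisting(flagged_text, rescan_text):
    """Flagged entries that are still present in the later scan."""
    seen = {(code, body.casefold()) for code, body in parse_entries(rescan_text)}
    return [(code, body) for code, body in parse_entries(flagged_text)
            if (code, body.casefold()) in seen]


def cleanup_scope(body):
    """Apply the rule from the post: a path under Program Files means the whole
    program folder, any other path means just that file, and an entry with no
    file path (a registry value such as R1) leaves nothing on disk to delete."""
    m = PATH_RE.search(body)
    if not m:
        return None
    path = m.group(0)
    parts = path.split("\\")
    if len(parts) > 3 and parts[1].casefold() in ("program files", "progra~1"):
        return ("folder", "\\".join(parts[:3]))
    return ("file", path)


if __name__ == "__main__":
    for code, body in persisting(FLAGGED, RESCAN):
        print("still present:", code, body, "->", cleanup_scope(body))
```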
... but I still don't understand any of this,

how am I supposed to remove something like this:

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=153472
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=153472
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=153472
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = http://www.wp.pl/


or how, for example, to find something like this:

O4 – HKLM..Run: [BullsEye Network] C:Program FilesBullsEye Networkinargains.exe


I still don't get it one bit, you're telling me to remove a whole list of "something" (I don't even know what it is .. files? whole directories?) and I don't know where to look for it ... god, this is too hard for me
Ania
Posted
21.02.2005 22:33:41
EL NINO:
Bobik, your ignition is running late :mrgreen: .

Damn, it's winter, so the engine isn't what it used to be :mrgreen:
Bobi
Posted
21.02.2005 22:28:04
Bobik, your ignition is running late :mrgreen: .
EL NINO
Posted
21.02.2005 22:24:33
So you've removed practically nothing

Process to kill:
zwzrxy.exe

To remove:
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=153472
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=153472
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=153472
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = http://www.wp.pl/
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O2 – BHO: (no name) – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWS em220.dll (file missing)
O2 – BHO: (no name) – {00320615–B6C2–40A6–8F99–F1C52D674FAD} – C:WINDOWSlocalNRD.dll (file missing)
O2 – BHO: C:WINDOWSlbbho.dll – {0182F4ED–D55A–45C7–A93F–EA3718CCBE8C} – C:WINDOWSlbbho.dll
O2 – BHO: (no name) – {AEECBFDA–12FA–4881–BDCE–8C3E1CE4B344} – C:WINDOWSSystem32 vms.dll
O2 – BHO: (no name) – {CE188402–6EE7–4022–8868–AB25173A3E14} – C:WINDOWSSystem32mscb.dll
O2 – BHO: (no name) – {F4E04583–354E–4076–BE7D–ED6A80FD66DA} – C:WINDOWSSystem32msbe.dll
O4 – HKLM..Run: [System32] "user32.exe" –user
O4 – HKLM..Run: [BullsEye Network] C:Program FilesBullsEye Networkinargains.exe
O4 – HKLM..Run: [Internet Optimizer] "C:Program FilesInternet Optimizeroptimize.exe"
O4 – HKLM..Run: [kbgkbapye] C:WINDOWSSystem32zwzrxy.exe
O4 – HKLM..Run: [conscorr] C:WINDOWSconscorr.exe
O4 – HKLM..Run: [Amte] C:WINDOWSaduadx.exe
O4 – HKLM..Run: [Ucxsur] C:Program FilesGtdlsqCkrgb.exe
Bobi
Posted
21.02.2005 22:21:43
New.Net is gone now. Pay attention to the exe files (below) located in Program Files. Remove the whole folders as well. That Kazaa will junk up your computer within a few hours.


Remove:

C:WINDOWSSystem32zwzrxy.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=153472
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=153472
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=153472
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = http://www.wp.pl/
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O2 – BHO: (no name) – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWS em220.dll (file missing)
O2 – BHO: (no name) – {00320615–B6C2–40A6–8F99–F1C52D674FAD} – C:WINDOWSlocalNRD.dll (file missing)
O2 – BHO: C:WINDOWSlbbho.dll – {0182F4ED–D55A–45C7–A93F–EA3718CCBE8C} – C:WINDOWSlbbho.dll
O2 – BHO: (no name) – {AEECBFDA–12FA–4881–BDCE–8C3E1CE4B344} – C:WINDOWSSystem32 vms.dll
O2 – BHO: (no name) – {CE188402–6EE7–4022–8868–AB25173A3E14} – C:WINDOWSSystem32mscb.dll
O2 – BHO: (no name) – {F4E04583–354E–4076–BE7D–ED6A80FD66DA} – C:WINDOWSSystem32msbe.dll
O4 – HKLM..Run: [System32] "user32.exe" –user
O4 – HKLM..Run: [BullsEye Network] C:Program FilesBullsEye Networkinargains.exe
O4 – HKLM..Run: [Internet Optimizer] "C:Program FilesInternet Optimizeroptimize.exe"
O4 – HKLM..Run: [kbgkbapye] C:WINDOWSSystem32zwzrxy.exe
O4 – HKLM..Run: [conscorr] C:WINDOWSconscorr.exe
O4 – HKLM..Run: [Amte] C:WINDOWSaduadx.exe
O4 – HKLM..Run: [Ucxsur] C:Program FilesGtdlsqCkrgb.exe
O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab
O16 – DPF: {A9ED6AA2–D9D4–4D71–9586–E293E2E3580B} (GameDesire Marbies&Diamonds) – http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
O16 – DPF: {AE609930–A6EB–4A78–B7DA–B3200705FEBD} (Mophun Control) – http://www.mophun.com/codebase/mophun.cab
O16 – DPF: {F0BC061F–DAF9–4533–8011–53BCB4C10307} (Installations Assistent) – http://install.premiumzone.de/InstallationsAssistent.ocx
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab


If you play games, leave the game entries.
EL NINO
Posted
21.02.2005 22:20:29
this is what my log looks like now:

Logfile of HijackThis v1.97.7
Scan saved at 21:07:39, on 2005–02–21
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
D:ProgramyNorton Antivirus 2004 PL avapsvc.exe
C:WINDOWSSystem32 vsvc32.exe
D:ProgramyNorton Antivirus 2004 PLSAVScan.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSMixer.exe
C:Program FilesPERFECT SERIESOptical Mouse3.0MOUSE32A.EXE
C:WINDOWSSystem32zwzrxy.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSSystem32ctfmon.exe
D:Programykazaakazaalite.kpp
C:Program FilesMultimedia Easy Keyboard NTeasykey.exe
D:ProgramyHiJackThisHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=153472
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=153472
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=153472
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = http://www.wp.pl/
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O2 – BHO: (no name) – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWS em220.dll (file missing)
O2 – BHO: (no name) – {00320615–B6C2–40A6–8F99–F1C52D674FAD} – C:WINDOWSlocalNRD.dll (file missing)
O2 – BHO: C:WINDOWSlbbho.dll – {0182F4ED–D55A–45C7–A93F–EA3718CCBE8C} – C:WINDOWSlbbho.dll
O2 – BHO: (no name) – {AEECBFDA–12FA–4881–BDCE–8C3E1CE4B344} – C:WINDOWSSystem32 vms.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – D:ProgramyNorton Antivirus 2004 PLNavShExt.dll
O2 – BHO: (no name) – {CE188402–6EE7–4022–8868–AB25173A3E14} – C:WINDOWSSystem32mscb.dll
O2 – BHO: (no name) – {F4E04583–354E–4076–BE7D–ED6A80FD66DA} – C:WINDOWSSystem32msbe.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – D:ProgramyNorton Antivirus 2004 PLNavShExt.dll
O4 – HKLM..Run: [C–Media Mixer] Mixer.exe /startup
O4 – HKLM..Run: [LWBMOUSE] C:Program FilesPERFECT SERIESOptical Mouse3.0MOUSE32A.EXE
O4 – HKLM..Run: [System32] "user32.exe" –user
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 – HKLM..Run: [BullsEye Network] C:Program FilesBullsEye Networkinargains.exe
O4 – HKLM..Run: [Internet Optimizer] "C:Program FilesInternet Optimizeroptimize.exe"
O4 – HKLM..Run: [kbgkbapye] C:WINDOWSSystem32zwzrxy.exe
O4 – HKLM..Run: [conscorr] C:WINDOWSconscorr.exe
O4 – HKLM..Run: [Amte] C:WINDOWSaduadx.exe
O4 – HKLM..Run: [Ucxsur] C:Program FilesGtdlsqCkrgb.exe
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [KAZAA] "D:Programykazaakpp.exe" "D:Programykazaakazaalite.kpp" /SYSTRAY
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [ctfmon.exe] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [iIWiper] C:Program FilesiISystem WiperSystemWiper.exe m
O4 – HKCU..Run: [Gadu–Gadu] "D:ProgramyGadu–GaduPowergg.exe" /tray
O4 – Global Startup: Multimedia Easy Keyboard.lnk = C:Program FilesMultimedia Easy Keyboard NTeasykey.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:ProgramyMSOFFI~1OFFICE11EXCEL.EXE/3000
O9 – Extra button: Badanie (HKLM)
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 – DPF: {02BCC737–B171–4746–94C9–0D8A0B2C0089} (Microsoft Office Template and Media Control) – http://office.microsoft.com/templates/ieawsdc.cab
O16 – DPF: {166B1BCA–3F9C–11CF–8075–444553540000} (Shockwave ActiveX Control) – http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {33564D57–0000–0010–8000–00AA00389B71} – http://download.microsoft.com/download/F/6/E/F6E491A6–77E1–4E20–9F5F–94901338C922/wmv9VCM.CAB
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {9F1C11AA–197B–4942–BA54–47A8489BB47F} – http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38049.2264236111
O16 – DPF: {A9ED6AA2–D9D4–4D71–9586–E293E2E3580B} (GameDesire Marbies&Diamonds) – http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
O16 – DPF: {AE609930–A6EB–4A78–B7DA–B3200705FEBD} (Mophun Control) – http://www.mophun.com/codebase/mophun.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {F0BC061F–DAF9–4533–8011–53BCB4C10307} (Installations Assistent) – http://install.premiumzone.de/InstallationsAssistent.ocx
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab

so ... what should I do now ?? :?
Ania
Posted
21.02.2005 22:08:46
Ania:
should I download that program ???
Which one? The one for removing New.Net or the one for repairing winsock? If today's HJ log looks like it did on Saturday, then of course it has to be removed. And if the net doesn't work, you'll repair it with winsockxpfix.
EL NINO
Posted
21.02.2005 21:59:58
and what about me ???????? :cry: :cry: should I download that program ??? and what if the net stops working again :( :( ?? what is that program even for ??
Ania
Posted
21.02.2005 21:47:14
System Restore can be switched back on right after removing the "guests". IMO System Restore is needed; you never know when it might come in handy in case of a system failure.
EL NINO
Posted
21.02.2005 21:37:23
Ania
Posted:
19.02.2005 16:11:35