startpage.19.j: how do I remove this nasty thing

Please help, how do I remove this trojan :cry:

Replies: 6

Thanks, that helped :wink:
gregor36
Posted
13.06.2005 21:49:09
Turn off System Restore and put this fix to work: http://forum.centrumxp.pl/viewtopic.php?t=33138

Additionally, end these processes:
m?dtc.exe (the question mark will be replaced by another letter)
ttmn.exe

Remove the entries and the highlighted files/folders:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\KARI\USTAWI~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\KARI\USTAWI~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {7A58A48F-76BE-4953-A9DE-692392F4A4B8} - C:\WINDOWS\System32\hbah.dll
O2 - BHO: (no name) - {86044C4A-A689-D50E-D74A-FB1D8145409D} - C:\WINDOWS\System32\ydxzc.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Dcwl] C:\WINDOWS\System32\m?dtc.exe
O4 - HKCU\..\Run: [Seoa] C:\Program Files\cria\ttmn.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!http://tdt.org.pl/popup/tdt.chm::/bridge-c18.cab
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj) - http://installs.hotbar.com/installs/Hotbar/programs/Hotbar.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - ms-its:mhtml:file://c:\nosuxxx.mht!http://tdt.org.pl/popup/mt.chm::/MediaTicketsInstaller.cab
O18 - Filter: text/html - {E23B3720-E846-4304-9DEF-15F3F431552E} - C:\WINDOWS\System32\hbah.dll
O18 - Filter: text/plain - {E23B3720-E846-4304-9DEF-15F3F431552E} - C:\WINDOWS\System32\hbah.dll
O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - C:\WINDOWS\System32\Obkaqm32.dll (file missing)


Empty Temp
Bobi
Posted
03.06.2005 21:56:15
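An added example, not part of the thread: before ending processes and removing entries as the reply above describes, it helps to list every running process and log entry that references the files chosen for removal. This Python code (the names `parse_log` and `scope` and all sample data are constructed for illustration) does that for a HijackThis log, treating `?` as a one-character wildcard like the `m?dtc.exe` in the reply.

```python
import fnmatch
import re

# Constructed sample in HijackThis layout; all names and CLSIDs are placeholders.
# Two lines keep the en dashes that forum software substitutes for hyphens.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\x?svc.exe
C:\Program Files\demo\helper.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\USER\Temp\demo.dll/page.html
O2 – BHO: (no name) – {00000000–0000–0000–0000–000000000001} – C:\WINDOWS\System32\demohook.dll
O4 - HKCU\..\Run: [Xsvc] C:\WINDOWS\System32\x?svc.exe
O4 - HKCU\..\Run: [Helper] C:\Program Files\demo\helper.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O18 - Filter: text/html - {00000000-0000-0000-0000-000000000003} - C:\WINDOWS\System32\demohook.dll
"""

ENTRY = re.compile(r"^([ROFN]\d{1,2}) - (.*)$")             # section code, then entry body
BINARY = re.compile(r"[^\\/\s]+\.(?:exe|dll|ocx)\b", re.I)  # base name of a referenced file

def parse_log(text):
    """Return (running process paths, [(section, body), ...]) from a HijackThis log."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip().replace("\u2013", "-")  # undo en-dash substitution
        match = ENTRY.match(line)
        if match:
            in_procs = False
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def scope(text, targets):
    """Return (processes to end, entries to fix) that reference any target file name."""
    # '?' in a target matches exactly one character, whatever the log printed there.
    patterns = [t.lower() for t in targets]
    def hit(name):
        return any(fnmatch.fnmatchcase(name.lower(), p) for p in patterns)
    processes, entries = parse_log(text)
    to_end = [p for p in processes if hit(p.rsplit("\\", 1)[-1])]
    to_fix = [f"{sec} - {body}" for sec, body in entries
              if any(hit(n) for n in BINARY.findall(body))]
    return to_end, to_fix

if __name__ == "__main__":
    print(scope(SAMPLE_LOG, ["x?svc.exe", "helper.exe", "demohook.dll"]))
```

File names containing spaces are matched only from their last word, so check such entries by hand.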
Logfile of HijackThis v1.99.1
Scan saved at 21:47:07, on 2005-06-01
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\G-VGA.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\m?dtc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\cria\ttmn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\KARI\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\KARI\USTAWI~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\KARI\USTAWI~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7A58A48F-76BE-4953-A9DE-692392F4A4B8} - C:\WINDOWS\System32\hbah.dll
O2 - BHO: (no name) - {86044C4A-A689-D50E-D74A-FB1D8145409D} - C:\WINDOWS\System32\ydxzc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [Dcwl] C:\WINDOWS\System32\m?dtc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Seoa] C:\Program Files\cria\ttmn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - E:\INSTALKI\PROGRAMY\MASS_DOWNLOADER_3_0_577_SR1\NOWY_FOLDER\massdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - E:\INSTALKI\PROGRAMY\MASS_DOWNLOADER_3_0_577_SR1\NOWY_FOLDER\massdown.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!http://tdt.org.pl/popup/tdt.chm::/bridge-c18.cab
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj) - http://installs.hotbar.com/installs/Hotbar/programs/Hotbar.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - ms-its:mhtml:file://c:\nosuxxx.mht!http://tdt.org.pl/popup/mt.chm::/MediaTicketsInstaller.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O18 - Filter: text/html - {E23B3720-E846-4304-9DEF-15F3F431552E} - C:\WINDOWS\System32\hbah.dll
O18 - Filter: text/plain - {E23B3720-E846-4304-9DEF-15F3F431552E} - C:\WINDOWS\System32\hbah.dll
O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - C:\WINDOWS\System32\Obkaqm32.dll (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
gregor36
Posted
03.06.2005 21:21:22
Take a look at the topic pinned here and the link about HiJack This in it. Paste the contents of the log into your next post.
EL NINO
Posted
22.05.2005 18:37:10
No, it's not a page, just ads that launch by themselves :cry:
gregor36
Posted
22.05.2005 18:00:21
Hm, and is it the start page?
Try cwshredder
Eri_MS
Posted
22.05.2005 17:55:01
gregor36
Posted:
22.05.2005 17:49:42