W tym wypadku polecam "Start page guard"

Dzieki chlopaki. Jesli jestescie z Kato, to stawiam pyfko. 8)

Tak

Usuwam czyli wybieram "Fix" w HiJackThis, tak?
:roll:

Usuwasz:

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1feczkmarUSTAWI~1Tempse.dll/sp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1feczkmarUSTAWI~1Tempse.dll/sp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WINDOWSSYSTEMlank.htm
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
O2 – BHO: (no name) – {4B02B7D4–BD56–4F18–A479–2A3ADEB7B7B0} – C:WINDOWSSystem32 pol.dll
O2 – BHO: Explorer Class – {962F12AE–2773–4BEB–99EA–B5C3AB9A6606} – C:WINDOWSSystem32DSMANA~1.DLL
O4 – HKLM..Run: [WindUp] WindUp.exe
O4 – HKCU..RunOnce: [data] cmd /C DEL C:WINDOWSWindUp.exe
O4 – HKCU..RunOnce: [win] svc.exe
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted IP range: 67.19.185.246
O16 – DPF: {08BEF711–06DA–48B2–9534–802ECAA2E4F9} (PlxInstall Class) – https://www.plaxo.com/down/latest/PlaxoInstall.cab
O18 – Filter: text/html – {2B96C427–5F50–440E–8AAA–0295663B5E54} – C:WINDOWSSystem32 pol.dll
O18 – Filter: text/plain – {2B96C427–5F50–440E–8AAA–0295663B5E54} – C:WINDOWSSystem32 pol.dll

Jakby to Trusted IP Range nie chcialo sie usunac to zastosuj KillTrusted

Wywalic wszystkie z literka "R" na poczatku, czy moze dokladnie wszystkie wyniki skanu?

Tempa juz dawno wyczyscilem.

Nie chce namieszac w kompie, bo to komp firmowy, wiec wklejam loga:

Logfile of HijackThis v1.99.1
Scan saved at 15:19:46, on 2005–02–22
Platform: Windows 2000 Dodatek SP. 2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32MsgSys.EXE
C:WINDOWSExplorer.EXE
C:Program FilesNavNTvptray.exe
C:Program Files otalcmdTOTALCMD.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesOutlook Expressmsimn.exe
C:Program FilesMicrosoft OfficeOfficeWINWORD.EXE
C:WINDOWSsystem32NOTEPAD.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:DOCUME~1feczkmarUSTAWI~1TempRar$EX00.867HijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1feczkmarUSTAWI~1Tempse.dll/sp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1feczkmarUSTAWI~1Tempse.dll/sp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WINDOWSSYSTEMlank.htm
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 – BHO: (no name) – {4B02B7D4–BD56–4F18–A479–2A3ADEB7B7B0} – C:WINDOWSSystem32 pol.dll
O2 – BHO: Explorer Class – {962F12AE–2773–4BEB–99EA–B5C3AB9A6606} – C:WINDOWSSystem32DSMANA~1.DLL
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:program filesgooglegoogletoolbar2.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:program filesgooglegoogletoolbar2.dll
O4 – HKLM..Run: [SystemTray] SysTray.Exe
O4 – HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 – HKLM..Run: [vptray] C:Program FilesNavNTvptray.exe
O4 – HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb04.exe
O4 – HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" –atboottime
O4 – HKLM..Run: [WindUp] WindUp.exe
O4 – HKCU..Run: [internat.exe] internat.exe
O4 – HKCU..RunOnce: [data] cmd /C DEL C:WINDOWSWindUp.exe
O4 – HKCU..RunOnce: [win] svc.exe
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O8 – Extra context menu item: &Google Search – res://c:program filesgoogleGoogleToolbar2.dll/cmsearch.html
O8 – Extra context menu item: Backward Links – res://c:program filesgoogleGoogleToolbar2.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:program filesgoogleGoogleToolbar2.dll/cmcache.html
O8 – Extra context menu item: Similar Pages – res://c:program filesgoogleGoogleToolbar2.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://c:program filesgoogleGoogleToolbar2.dll/cmtrans.html
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted IP range: 67.19.185.246
O16 – DPF: {08BEF711–06DA–48B2–9534–802ECAA2E4F9} (PlxInstall Class) – https://www.plaxo.com/down/latest/PlaxoInstall.cab
O18 – Filter: text/html – {2B96C427–5F50–440E–8AAA–0295663B5E54} – C:WINDOWSSystem32 pol.dll
O18 – Filter: text/plain – {2B96C427–5F50–440E–8AAA–0295663B5E54} – C:WINDOWSSystem32 pol.dll
O20 – Winlogon Notify: NavLogon – C:WINDOWSSystem32NavLogon.dll
O23 – Service: DefWatch – Symantec Corporation – C:Program FilesNavNTdefwatch.exe
O23 – Service: Usługa administracyjna Menedźera dysków logicznych (dmadmin) – VERITAS Software Corp. – C:WINDOWSSystem32dmadmin.exe
O23 – Service: Norton AntiVirus Client (Norton AntiVirus Server) – Symantec Corporation – C:Program FilesNavNT tvscan.exe
O23 – Service: ScalaObjClientReg – Scala Business Solutions N.V. – C:Program FilesScala Business Solutions NViScala 2.2 ClientClient_BOScalaObjClientReg.exe

Z gory dzieki za pomoc,
M

Oprozniasz tempa i czyscisz przez HijackThis
Nie poradzisz sobie sam to zapodajesz nam loga

Witam,

Tez mam to cholerstwo w systemie – se.dll. Ad–awarem odinstalowalem co sie dalo, oczyscilem pulpit, ale przy wlaczaniu explorera ciagle pojawia sie komunikat NAVa ze znalazl Trojan.StartPage.
:?
Aha, uzywam Windowsa 2000.

Hilfe :!:
M

Witam,

Tez mam to cholerstwo w systemie – se.dll. Ad–awarem odinstalowalem co sie dalo, oczyscilem pulpit, ale przy wlaczaniu explorera ciagle pojawia sie komunikat NAVa ze znalazl Trojan.StartPage.
:?
Aha, uzywam Windowsa 2000.

Hilfe :!:
M

Ok, wielkie dzięki za pomoc!

http://www.centrumxp.pl/forum/viewtopic.php?t=30070

http://www.centrumxp.pl/forum/viewtopic.php?t=30070

Moźecie mi pomóc w sprawie tej paskudnej tapety?

wins:

Dodatkowo sfixuj te pozycje:
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present

To wpisy dodawane przez Spybota

@pabgol: Zaznacz pokazywanie ukrytych plikow i bij w awaryjnym
Mozesz sie rowniez posłuzyc Killboxem wpisujac sciezki do plikow tylko w przypadku DSMANA~1.DLL musisz obczaic pełna nazwe zamiast tej tyldy

pabgol:

Pozostałe czynności wykonałem, ale dalej przy otwieraniu explorera wyskakuje komunikat Nortona, źe znaleziono wirusa.... se.dll...nie moźna usunąć

Oproznij Temp w awaryjnym

Pozostałe czynności wykonałem, ale dalej przy otwieraniu explorera wyskakuje komunikat Nortona, źe znaleziono wirusa.... se.dll...nie moźna usunąć

lmie.dll

– nie mogłem usunąć

DSMANA~1.DLL

nie znalazłem

Po tym zabiegu trojana masz z glowy, tapete juz usunałes ??

Jeszcze nie, poniewaź mam utrudnione szukanie przez modyfikowanie wyników przez trojana. Moźesz mi pomóc?

Dodatkowo sfixuj te pozycje:
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present

Wylacz sobie przywracanie systemu

Zakoncz proces:
cmd32.exe

Usun z HDD:
cmd32.exe
lmie.dll
DSMANA~1.DLL
oproznij Temp


FIX:

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1PAWEŁUSTAWI~1Tempse.dll/sp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1PAWEŁUSTAWI~1Tempse.dll/sp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
02 – BHO: (no name) – {00C6482D–C502–44C8–8409–FCE54AD9C208} – (no file)
O2 – BHO: (no name) – {832AFDCF–808F–4DBC–B9D0–E22109897873} – C:WINDOWSSystem32lmie.dll
O2 – BHO: Explorer Class – {962F12AE–2773–4BEB–99EA–B5C3AB9A6606} – C:WINDOWSSystem32DSMANA~1.DLL
O3 – Toolbar: (no name) – {8FF5E183–ABDE–46EB–B09E–D2AAB95CABE3} – (no file)
O4 – HKLM..Run: [ControlPanel] C:WINDOWSSystem32cmd32.exe internat.dll,LoadKeyboardProfile
O4 – HKLM..Run: [sp] rundll32 C:DOCUME~1PAWEŁUSTAWI~1Tempse.dll,DllInstall
O18 – Filter: text/html – {F3B087D0–AB7D–4994–A960–09FD9B6870FE} – C:WINDOWSSystem32lmie.dll
O18 – Filter: text/plain – {F3B087D0–AB7D–4994–A960–09FD9B6870FE} – C:WINDOWSSystem32lmie.dll

Po tym zabiegu trojana masz z glowy, tapete juz usunałes ??

Log:

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccApp.exe
E:ProgramyNavigator Mousemoffice.exe
C:WINDOWSSystem32cmd32.exe
C:WINDOWSSystem32 undll32.exe
C:WINDOWSSystem32ctfmon.exe
E:ProgramyNavigator MouseMOUSE32A.DAT
E:ProgramySpybotTeaTimer.exe
E:ProgramyNorton SystemWorksNorton Antivirus avapsvc.exe
E:ProgramyNORTON~1NORTON~2NPROTECT.EXE
C:WINDOWSSystem32 vsvc32.exe
E:PROGRAMYOUTPOS~1.0outpost.exe
E:ProgramyNORTON~1NORTON~2SPEEDD~1NOPDB.EXE
E:ProgramyNorton SystemWorksNorton AntivirusSAVScan.exe
E:ProgramyThe Bat hebat.exe
E:ProgramySystem Mechanic 5 ProfessionalPopupStopper.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
E:ProgramyTotalCommanderTOTALCMD.EXE
C:Documents and SettingsPawełPulpithijackthisHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1PAWEŁUSTAWI~1Tempse.dll/sp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1PAWEŁUSTAWI~1Tempse.dll/sp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
O2 – BHO: (no name) – {00C6482D–C502–44C8–8409–FCE54AD9C208} – (no file)
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – E:ProgramyacrobatReaderActiveXAcroIEHelper.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – E:ProgramySpybotSDHelper.dll
O2 – BHO: (no name) – {832AFDCF–808F–4DBC–B9D0–E22109897873} – C:WINDOWSSystem32lmie.dll
O2 – BHO: Explorer Class – {962F12AE–2773–4BEB–99EA–B5C3AB9A6606} – C:WINDOWSSystem32DSMANA~1.DLL
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – E:ProgramyNorton SystemWorksNorton AntivirusNavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – E:ProgramyNorton SystemWorksNorton AntivirusNavShExt.dll
O3 – Toolbar: (no name) – {8FF5E183–ABDE–46EB–B09E–D2AAB95CABE3} – (no file)
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 – HKLM..Run: [FLMOFFICE4DMOUSE] E:ProgramyNavigator Mousemoffice.exe
O4 – HKLM..Run: [Outpost Firewall] E:PROGRAMYOUTPOS~1.0outpost.exe /waitservice
O4 – HKLM..Run: [ControlPanel] C:WINDOWSSystem32cmd32.exe internat.dll,LoadKeyboardProfile
O4 – HKLM..Run: [sp] rundll32 C:DOCUME~1PAWEŁUSTAWI~1Tempse.dll,DllInstall
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [Gadu–Gadu] "D:ProgramyGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [SpybotSD TeaTimer] E:ProgramySpybotTeaTimer.exe
O4 – HKCU..Run: [System Mechanic Popup Stopper] "E:ProgramySystem Mechanic 5 ProfessionalPopupStopper.exe"
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://E:ProgramyMICROS~1OFFICE11EXCEL.EXE/3000
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – E:ProgramyMICROS~1OFFICE11REFIEBAR.DLL
O16 – DPF: {92ECE6FA–AC2E–4042–BFAE–0C8608E52A43} (SignActivX Control) – https://www.bph.pl/pi/components/SignActivX.cab
O16 – DPF: {9B03C5F1–F5AB–47EE–937D–A8EDA626F876} (Anonymizer Anti–Spyware Scanner) – http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O18 – Filter: text/html – {F3B087D0–AB7D–4994–A960–09FD9B6870FE} – C:WINDOWSSystem32lmie.dll
O18 – Filter: text/plain – {F3B087D0–AB7D–4994–A960–09FD9B6870FE} – C:WINDOWSSystem32lmie.dll
O23 – Service: Symantec Event Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 – Service: Symantec Password Validation – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 – Service: Symantec Settings Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 – Service: Usługa Auto Protect programu Norton AntiVirus – Symantec Corporation – E:ProgramyNorton SystemWorksNorton Antivirus avapsvc.exe
O23 – Service: Norton Unerase Protection – Symantec Corporation – E:ProgramyNORTON~1NORTON~2NPROTECT.EXE
O23 – Service: NVIDIA Display Driver Service – NVIDIA Corporation – C:WINDOWSSystem32 vsvc32.exe
O23 – Service: Outpost Firewall Service – Agnitum – E:PROGRAMYOUTPOS~1.0outpost.exe
O23 – Service: SAVScan – Symantec Corporation – E:ProgramyNorton SystemWorksNorton AntivirusSAVScan.exe
O23 – Service: ScriptBlocking Service – Symantec Corporation – C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 – Service: Symantec Network Drivers Service – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 – Service: Speed Disk service – Symantec Corporation – E:ProgramyNORTON~1NORTON~2SPEEDD~1NOPDB.EXE