kindly asking, pleeease help ;-)

I have some kind of spyware and no program will remove it - the start page is constantly set to about:blank and pop-ups keep appearing - also, when I try to go to e.g. wp.pl, that about:blank shows up. could someone look through my log? please :D

Logfile of HijackThis v1.98.2
Scan saved at 23:55:04, on 2004-11-03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\instalki\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Miszczu\USTAWI~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Miszczu\USTAWI~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Miszczu\USTAWI~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Miszczu\USTAWI~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Miszczu\USTAWI~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Miszczu\USTAWI~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {628DD0FB-884F-4154-89E0-12DE1DACC6D4} - C:\WINDOWS\System32\mded.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/autoryzacja/mailcfg.ocx
O16 - DPF: {67135BDA-6546-4426-BC94-BB5AF5005231} (GameDesire Checkers) - http://67.15.101.3/g_bin/pl/checkers_2_0_0_15.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23987AF3-6D11-4478-888E-3B909E1C243D}: NameServer = 194.204.159.1,194.204.152.34
O18 - Filter: text/html - {3C729815-B0C0-4CF6-A301-EA0414642122} - C:\WINDOWS\System32\mded.dll
O18 - Filter: text/plain - {3C729815-B0C0-4CF6-A301-EA0414642122} - C:\WINDOWS\System32\mded.dll

Replies: 4

thanks everyone for the advice :D so far everything is fine - I did as you advised :D
Barthez
Posted
04.11.2004 17:13:44
Bobi_robert:
mded.dll: zero info on the internet
IMO it should go as well
Not just in your opinion. There is no trace of it, so out it goes.

And those temp files in the profile C:\DOCUME~1\Miszczu\USTAWI~1\Temp should be cleaned out by hand, down to zero. Even in safe mode, if it won't work normally.
EL NINO
Posted
04.11.2004 12:45:11
To be removed from the HDD:
empty Temp in Local Settings ("Ustawienia lokalne")


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Miszczu\USTAWI~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Miszczu\USTAWI~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Miszczu\USTAWI~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Miszczu\USTAWI~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Miszczu\USTAWI~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Miszczu\USTAWI~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O16 - DPF: {67135BDA-6546-4426-BC94-BB5AF5005231} (GameDesire Checkers) - http://67.15.101.3/g_bin/pl/checkers_2_0_0_15.cab


I have doubts about these:
O18 - Filter: text/html - {3C729815-B0C0-4CF6-A301-EA0414642122} - C:\WINDOWS\System32\mded.dll
O18 - Filter: text/plain - {3C729815-B0C0-4CF6-A301-EA0414642122} - C:\WINDOWS\System32\mded.dll
O2 - BHO: (no name) - {628DD0FB-884F-4154-89E0-12DE1DACC6D4} - C:\WINDOWS\System32\mded.dll
O18 - Filter: text/html - {3C729815-B0C0-4CF6-A301-EA0414642122} - C:\WINDOWS\System32\mded.dll
O18 - Filter: text/plain - {3C729815-B0C0-4CF6-A301-EA0414642122} - C:\WINDOWS\System32\mded.dll

mded.dll: zero info on the internet
IMO it should go as well
Bobi
Posted
04.11.2004 08:38:45
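
Added example, not part of any post in this thread: a small Python triage pass over a HijackThis log that flags the two patterns the replies single out, IE search-page values pointing at a local file:// page and a module registered both as a BHO (O2) and as a MIME filter (O18). The sample lines are built from the log in this thread with path separators and hyphens written in their usual HijackThis form, which is an assumption about the original formatting; the rule names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: entries taken from the log in this thread, with the
# path separators and hyphens in their usual HijackThis form (assumed).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Miszczu\USTAWI~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {628DD0FB-884F-4154-89E0-12DE1DACC6D4} - C:\WINDOWS\System32\mded.dll
O18 - Filter: text/html - {3C729815-B0C0-4CF6-A301-EA0414642122} - C:\WINDOWS\System32\mded.dll
O18 - Filter: text/plain - {3C729815-B0C0-4CF6-A301-EA0414642122} - C:\WINDOWS\System32\mded.dll
"""

ENTRY = re.compile(r"^(R[0-3]|O\d+)\s+-\s+(.*)$")

def parse(log):
    """Yield (section, body) for each HijackThis entry line."""
    for line in log.splitlines():
        # Forum software often turns hyphens into en dashes; undo that first.
        m = ENTRY.match(line.strip().replace("\u2013", "-"))
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return a list of (rule, subject) findings; rule names are hypothetical."""
    findings = []
    modules = defaultdict(set)  # lower-cased module path -> sections seen
    for section, body in parse(log):
        if section in ("R0", "R1") and "=" in body:
            key, value = (s.strip() for s in body.split("=", 1))
            # IE search/start values normally hold http(s) URLs, not local files.
            if value.lower().startswith("file://"):
                findings.append(("local-file-search-page", key))
        elif section in ("O2", "O18"):
            # The module path is the last " - " separated field of the entry.
            path = body.rsplit(" - ", 1)[-1].strip().lower()
            modules[path].add(section)
    for path, sections in sorted(modules.items()):
        # One DLL loaded as a BHO and also filtering page content.
        if {"O2", "O18"} <= sections:
            findings.append(("bho-and-mime-filter", path))
    return findings

if __name__ == "__main__":
    for rule, subject in triage(SAMPLE_LOG):
        print(rule, subject)
```

A finding here is a reason to look closer at the entry, as the posters did with mded.dll, not proof that the module is malicious.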
it's probably this, but I'm not sure, ask the others

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Miszczu\USTAWI~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Miszczu\USTAWI~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Miszczu\USTAWI~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Miszczu\USTAWI~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Miszczu\USTAWI~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Miszczu\USTAWI~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
Darks
Posted
04.11.2004 08:15:08
Barthez
Posted:
04.11.2004 01:00:59