Spyware - Spybot - problem

IP: *.neoplus.adsl.tpnet.pl 14.04.05, 20:49
What should I do? I scanned the system and Spybot found 57 spyware items,
all of them in red. What should I do????

This is copied from the help:
Red entries indicate spyware problems that should be fixed to avoid security
and/or privacy problems. This is the only kind of problem that is preselected
to be fixed.
    • Guest: Kolobos Re: Spyware - Spybot - problem IP: *.warszawa.sdi.tpnet.pl 14.04.05, 20:53
      Select them all and remove them (Fix, or whatever it is called there); what
      else would you want to do?
      Maybe also paste a log from HijackThis:
      www.spychecker.com/program/hijackthis.html
      • Guest: julia Re: Spyware - Spybot - problem IP: *.neoplus.adsl.tpnet.pl 14.04.05, 21:12
        Logfile of HijackThis v1.99.1
        Scan saved at 21:00:12, on 2005-04-14
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\SYSTEM32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\LEXBCES.EXE
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\LEXPPS.EXE
        C:\Program Files\AVPersonal\AVGUARD.EXE
        C:\Program Files\AVPersonal\AVWUPSRV.EXE
        C:\PROGRA~1\NEOSTR~1\CnxMon.exe
        C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
        C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
        C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
        C:\Program Files\AVPersonal\AVGNT.EXE
        C:\Program Files\AVPersonal\AVSched32.EXE
        C:\Program Files\PestPatrol\PPControl.exe
        C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
        C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Corel\Graphics8\Programs\MFIndexer.exe
        C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
        C:\PROGRA~1\NEOSTR~1\ComComp.exe
        C:\PROGRA~1\NEOSTR~1\Watch.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Tlen.pl\tlen.exe
        C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
        C:\Program Files\WinRAR\WinRAR.exe
        C:\DOCUME~1\Julia\USTAWI~1\Temp\Rar$EX01.016\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
        szukaj.wp.pl
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.neostrada.pl
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
        C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
        O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
        C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
        Files\Spybot - Search & Destroy\SDHelper.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
        c:\program files\google\googletoolbar1.dll
        O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} -
        C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
        O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
        C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
        files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
        O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
        Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
        O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
        O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06
        \bin\jusched.exe
        O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
        O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
        O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program
        Files\PestPatrol\PPControl.exe
        O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
        O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
        O4 - Startup: Magnifier.lnk = C:\WINDOWS\system32\magnify.exe
        O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8
        \Programs\MFIndexer.exe
        O8 - Extra context menu item: &Google Search - res://c:\program
        files\google\GoogleToolbar1.dll/cmsearch.html
        O8 - Extra context menu item: Backward Links - res://c:\program
        files\google\GoogleToolbar1.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
        files\google\GoogleToolbar1.dll/cmcache.html
        O8 - Extra context menu item: Similar Pages - res://c:\program
        files\google\GoogleToolbar1.dll/cmsimilar.html
        O8 - Extra context menu item: Translate into English - res://c:\program
        files\google\GoogleToolbar1.dll/cmtrans.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\WINDOWS\System32\msjava.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
        00401C608501} - C:\WINDOWS\System32\msjava.dll
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
        00aa003c157a} - C:\WINDOWS\web\related.htm
        O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
        O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) -
        www.windowsecurity.com/trojanscan/TDECntrl.CAB
        O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) -
        67.15.101.3/g_bin/pl/boards_2_0_0_15.cab
        O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
        a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
        O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) -
        www.180searchassistant.com/180saax.cab
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
        www.pandasoftware.com/activescan/as5/asinst.cab
        O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) -
        67.15.101.3/g_bin/pl/domino_2_0_0_22.cab
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{4185134D-237D-4DB2-BFEC-CC1A1A1A8BBF}:
        NameServer = 194.204.152.34 217.98.63.164
        O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-
        4CBF72FAED87} - C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll
        O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
        C:\Program Files\AVPersonal\AVGUARD.EXE
        O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -
        C:\Program Files\AVPersonal\AVWUPSRV.EXE
        O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
        C:\WINDOWS\system32\LEXBCES.EXE

        And when I scanned at housecall.trendmicro.com/housecall/start_corp.asp,
        it found 2 trojans:
        TROJ HARNIG.GEN
        TROJ HARNIG.AL

        AND WHAT SHOULD I DO ABOUT THIS
        • Guest: Kolobos Re: Spyware - Spybot - problem IP: *.warszawa.sdi.tpnet.pl 14.04.05, 21:29
          Did it find and remove them, or only find them and leave them? In which files did it detect them?

          Uninstall this:
          PayTime

          And check these entries in HijackThis:
          O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} -
          C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
          O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
          O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-
          4CBF72FAED87} - C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll

          And press Fix Checked.

          Then in HijackThis choose Open Misc Tools, and there Delete file on reboot, and
          paste the path to:
          C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll and press OK.

          After the reboot, paste a new HijackThis log.
          • Guest: Julia Re: Spyware - Spybot - problem IP: *.neoplus.adsl.tpnet.pl 14.04.05, 21:48
            New log

            Logfile of HijackThis v1.99.1
            Scan saved at 21:46:35, on 2005-04-14
            Platform: Windows XP (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 (6.00.2600.0000)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\SYSTEM32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\SYSTEM32\logonui.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\LEXBCES.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\system32\LEXPPS.EXE
            C:\Program Files\AVPersonal\AVGUARD.EXE
            C:\Program Files\AVPersonal\AVWUPSRV.EXE
            C:\PROGRA~1\NEOSTR~1\CnxMon.exe
            C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
            C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
            C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
            C:\Program Files\AVPersonal\AVGNT.EXE
            C:\Program Files\AVPersonal\AVSched32.EXE
            C:\Program Files\PestPatrol\PPControl.exe
            C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
            C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
            C:\WINDOWS\System32\ctfmon.exe
            C:\Corel\Graphics8\Programs\MFIndexer.exe
            C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
            C:\PROGRA~1\NEOSTR~1\ComComp.exe
            C:\PROGRA~1\NEOSTR~1\Watch.exe
            C:\WINDOWS\System32\wuauclt.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\WINDOWS\System32\wuauclt.exe
            C:\Program Files\WinRAR\WinRAR.exe
            C:\DOCUME~1\Julia\USTAWI~1\Temp\Rar$EX00.062\HijackThis.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
            szukaj.wp.pl
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            www.neostrada.pl
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
            C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
            O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
            C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
            C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
            O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
            Files\Spybot - Search & Destroy\SDHelper.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
            c:\program files\google\googletoolbar1.dll
            O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
            C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINDOWS\System32\msdxm.ocx
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
            files\google\googletoolbar1.dll
            O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
            O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
            Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
            O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
            O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06
            \bin\jusched.exe
            O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
            O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
            O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program
            Files\PestPatrol\PPControl.exe
            O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
            O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
            O4 - Startup: Magnifier.lnk = C:\WINDOWS\system32\magnify.exe
            O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8
            \Programs\MFIndexer.exe
            O8 - Extra context menu item: &Google Search - res://c:\program
            files\google\GoogleToolbar1.dll/cmsearch.html
            O8 - Extra context menu item: Backward Links - res://c:\program
            files\google\GoogleToolbar1.dll/cmbacklinks.html
            O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
            files\google\GoogleToolbar1.dll/cmcache.html
            O8 - Extra context menu item: Similar Pages - res://c:\program
            files\google\GoogleToolbar1.dll/cmsimilar.html
            O8 - Extra context menu item: Translate into English - res://c:\program
            files\google\GoogleToolbar1.dll/cmtrans.html
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
            C:\WINDOWS\System32\msjava.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
            00401C608501} - C:\WINDOWS\System32\msjava.dll
            O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
            C:\WINDOWS\web\related.htm
            O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
            00aa003c157a} - C:\WINDOWS\web\related.htm
            O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
            O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) -
            www.windowsecurity.com/trojanscan/TDECntrl.CAB
            O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) -
            67.15.101.3/g_bin/pl/boards_2_0_0_15.cab
            O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
            a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
            O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) -
            www.180searchassistant.com/180saax.cab
            O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
            www.pandasoftware.com/activescan/as5/asinst.cab
            O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) -
            67.15.101.3/g_bin/pl/domino_2_0_0_22.cab
            O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
            bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
            O17 - HKLM\System\CCS\Services\Tcpip\..\{4185134D-237D-4DB2-BFEC-CC1A1A1A8BBF}:
            NameServer = 194.204.152.34 217.98.63.164
            O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
            C:\Program Files\AVPersonal\AVGUARD.EXE
            O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -
            C:\Program Files\AVPersonal\AVWUPSRV.EXE
            O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
            C:\WINDOWS\system32\LEXBCES.EXE
            • Guest: Kolobos Re: Spyware - Spybot - problem IP: *.warszawa.sdi.tpnet.pl 15.04.05, 10:25
              The log is clean now.
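
The before/after comparison this thread does by eye, as an added example that is not part of the original posts: it rejoins the entries the forum wrapped across lines and lists what disappeared or appeared between two HijackThis logs. `BEFORE` and `AFTER` are excerpts of the two logs above; the function names are this example's own.

```python
import re

# An entry starts with a HijackThis section code such as "R1 - ", "O4 - ", "O23 - ".
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# Excerpts of the two logs in the thread, wrapped the way the forum shows them.
BEFORE = r"""O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} -
C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06
\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-
4CBF72FAED87} - C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll
"""

AFTER = r"""O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06
\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

def parse_entries(log_text):
    """Return HijackThis entries in order, rejoining lines that were wrapped."""
    entries, open_entry = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            entries.append(line)
            open_entry = True
        elif open_entry and line:
            prev = entries[-1]
            # A GUID or path split mid-token is glued back without a space.
            mid_token = line.startswith("\\") or bool(re.search(r"[0-9A-Fa-f]-$", prev))
            entries[-1] = prev + ("" if mid_token else " ") + line
        else:
            open_entry = False  # blank line, header or process list: not an entry
    return entries

def diff_logs(before, after):
    """Return (removed, added) entries; Windows paths compare case-insensitively."""
    old = {e.lower(): e for e in parse_entries(before)}
    new = {e.lower(): e for e in parse_entries(after)}
    removed = [old[k] for k in old if k not in new]
    added = [new[k] for k in new if k not in old]
    return removed, added

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", *removed, "added:", *added, sep="\n  ")
```

An empty `added` list matters as much as the `removed` one: a new autostart or BHO entry after the reboot would mean something reinstalled itself.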