Forum Komputery Wirusy, trojany, spyware
ZMIEŃ
    Dodaj do ulubionych

    usbn.exe

    IP: *.infopac.ru 26.09.05, 17:35
    Pomozcie jak sie tego pozbyc!!!!!!!!!!!!!!!
    Obserwuj wątek
      • Gość: Kolobos Re: usbn.exe IP: *.warszawa.sdi.tpnet.pl 26.09.05, 18:03
        Usunac..., a tak w ogole to wklej log z hijackthis bo pewnie masz tego duzo
        wiecej.
        • Gość: olo Re: usbn.exe IP: *.lnk.totel.ru 27.09.05, 03:27
          ale jak to zrobic
          • Gość: Luki_er Re: usbn.exe IP: *.rybnet.pl 27.09.05, 08:34
            sciagnij sobie program "HijackThis v1.99.1" np. ze stronki:
            www.tomcoyote.org/hjt/
            jesli nie znasz ang. to poszukaj sobie w wyszukiwarce tego programu na polskich
            stronach i po zeskanowaniu systemu przez ten program, wklej tutaj log z hijackthis.
            • Gość: olo Re: usbn.exe IP: *.infopac.ru 27.09.05, 17:25
              Mam

              Running processes:
              E:\WINDOWS\System32\smss.exe
              E:\WINDOWS\system32\winlogon.exe
              E:\WINDOWS\system32\services.exe
              E:\WINDOWS\system32\lsass.exe
              E:\WINDOWS\system32\svchost.exe
              E:\WINDOWS\System32\svchost.exe
              E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
              E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
              E:\WINDOWS\system32\spoolsv.exe
              E:\Program Files\Common Files\Symantec Shared\ccProxy.exe
              D:\UZYTKI\VIREK\Norton AntiVirus\navapsvc.exe
              E:\WINDOWS\System32\nvsvc32.exe
              E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
              E:\WINDOWS\System32\svchost.exe
              D:\UZYTKI\VIREK\Norton AntiVirus\SAVScan.exe
              E:\WINDOWS\Explorer.EXE
              E:\Program Files\Common Files\Symantec Shared\ccApp.exe
              E:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
              D:\UZYTKI\Treo\Hotsync.exe
              E:\DOCUME~1\home\USTAWI~1\Temp\Rar$EX00.867\HijackThis.exe
              E:\Program Files\Common Files\Real\Update_OB\rndal.exe
              E:\Program Files\Gadu-Gadu\gg.exe
              E:\Program Files\Internet Explorer\IEXPLORE.EXE

              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
              red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
              www.google.pl/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
              www.google.pl/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
              red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
              www.google.pl/
              R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
              red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
              E:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
              O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - E:\Program
              Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
              O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
              D:\UZYTKI\VIREK\Norton AntiVirus\NavShExt.dll
              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
              E:\WINDOWS\System32\msdxm.ocx
              O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
              E:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
              O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
              D:\UZYTKI\VIREK\Norton AntiVirus\NavShExt.dll
              O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec
              Shared\ccApp.exe"
              O4 - HKLM\..\Run: [TkBellExe] E:\Program Files\Common
              Files\Real\Update_OB\evntsvc.exe -osboot
              O4 - HKLM\..\Run: [MSConfig]
              E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
              O4 - HKCU\..\Run: [HDDHealth] E:\Program Files\HDD Health\hddhealth.exe -wl
              O4 - Startup: palmOne Registration.lnk = D:\UZYTKI\Treo\register.exe
              O4 - Global Startup: HotSync Manager.lnk = D:\UZYTKI\Treo\Hotsync.exe
              O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
              res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
              O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
              E:\WINDOWS\web\related.htm
              O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
              00aa003c157a} - E:\WINDOWS\web\related.htm
              O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
              O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
              O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
              O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
              O17 - HKLM\System\CCS\Services\Tcpip\..\{79BC1E92-1221-4234-9DAE-294619504B55}:
              NameServer = 80.55.135.198
              O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} -
              E:\WINDOWS\System32\vbsys2.dll
              O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
              E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
              O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
              E:\Program Files\Common Files\Symantec Shared\ccProxy.exe
              O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
              E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
              O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
              E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
              O23 - Service: Microsoft NetWork FireWall Services - Unknown owner -
              NetServices.exe (file missing)
              O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) -
              Symantec Corporation - D:\UZYTKI\VIREK\Norton AntiVirus\navapsvc.exe
              O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
              E:\WINDOWS\System32\nvsvc32.exe
              O23 - Service: PSEXESVC - Sysinternals - E:\WINDOWS\System32\PSEXESVC.EXE
              O23 - Service: SAVScan - Symantec Corporation - D:\UZYTKI\VIREK\Norton
              AntiVirus\SAVScan.exe
              O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
              E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
              O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
              Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
              O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program
              Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

              • Gość: K. Re: usbn.exe IP: *.warszawa.sdi.tpnet.pl 27.09.05, 19:20
                Usun w hijackthis to:

                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
                red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*www.yahoo.com/e
                xt/search/search.html
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
                red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*www.yahoo.com/e
                xt/search/search.html
                R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
                red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*www.yahoo.com
                O4 - Startup: palmOne Registration.lnk = D:\UZYTKI\Treo\register.exe <- to
                mozesz usunac z autostartu jak chcesz (start->programy->autostart i tam usuwasz)
                O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
                O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
                O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
                O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
                O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} -
                E:\WINDOWS\System32\vbsys2.dll <- usun plik
                O23 - Service: Microsoft NetWork FireWall Services - Unknown owner -
                NetServices.exe (file missing) <- uruchom services.msc i tam wylacz ta usluge.


                I gdzie ten usbn.exe ? W logu go nie ma jak widzisz, jak masz problem z jego
                usunieciem to uzyj killbox (znajdziesz na google) z opcja delete on reboot i
                juz.
                • Gość: olo Re: usbn.exe IP: *.infopac.ru 30.09.05, 18:50
                  dzieki pomoglo!!!!!!!!!!!
    Inne wątki na temat:

    Najnowsze z forum Wirusy, trojany, spyware

    Nie masz jeszcze konta? Zarejestruj się

    Nakarm Pajacyka
    Osoby zamieszczające wypowiedzi naruszające prawo lub prawem chronione dobra osób trzecich mogą ponieść z tego tytułu odpowiedzialność karną lub cywilną. Regulamin