What is this and how do I remove it?

IP: *.kom / *.kom-net.pl 15.10.05, 11:51
When I start Internet Explorer, a new window pops up, e.g.
www3.click2begin.com, and on top of that this thing, or some other thing, puts
links under the text to cr...y sites or replaces links on pages; e.g. in the
title of this forum, "Wirusy, trojany, spyware" is highlighted in green and is
no longer a link to this forum :)
Avast and Aware don't see a problem.

Please advise how to remove "it". Thanks
komputerowiec ;)...a weak one
    • Guest: Kolobos Re: What is this and how do I remove it? IP: *.warszawa.sdi.tpnet.pl 15.10.05, 12:02
      Paste a HijackThis log.
      www.mgregor.republika.pl/
      • Guest: komputerowiec;) Re: What is this and how do I remove it? IP: *.kom / *.kom-net.pl 15.10.05, 12:25
        Logfile of HijackThis v1.99.1
        Scan saved at 12:22:51, on 2005-10-15
        Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Ahead\InCD\InCDsrv.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\RunDll32.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
        C:\Program Files\Ahead\InCD\InCD.exe
        C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
        C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
        C:\Program Files\Dassault Systemes\B09\intel_a\code\bin\CATSysDemon.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\WINDOWS\system32\nvsvc32.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\Gadu-Gadu\gg.exe
        D:\Programiki\Antywiruchy\hijackthis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.wp.pl/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\system32
        \bho.dll
        O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} -
        C:\Program Files\RXToolBar\sfcont.dll (file missing)
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
        O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio]
        HDAudPropShortcut.exe
        O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
        Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD
        Solution\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04
        \bin\jusched.exe
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32
        \NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32
        \NvMcTray.dll,NvTaskbarInit
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
        Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: Color Calibration.lnk = ?
        O4 - Global Startup: MagicTune3.5.lnk = ?
        O4 - Global Startup: NaturalColorLoad.lnk = ?
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
        00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
        O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
        C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
        00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{724C61B5-FEB7-4474-B8CE-DEE9E0E1EE7E}:
        NameServer = 10.101.1.1,194.204.159.1,62.233.128.17
        O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program
        Files\RXToolBar\sfcont.dll
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program
        Files\Dassault Systemes\B09\intel_a\code\bin\CATSysDemon.exe
        O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program
        Files\Ahead\InCD\InCDsrv.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
        C:\WINDOWS\system32\nvsvc32.exe

        • Guest: Kolobos Re: What is this and how do I remove it? IP: *.warszawa.sdi.tpnet.pl 15.10.05, 12:34
          In HijackThis, remove:

          O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\system32
          \bho.dll <- delete the file
          O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} -
          C:\Program Files\RXToolBar\sfcont.dll (file missing)
          O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program
          Files\RXToolBar\sfcont.dll

          Also scan with these:
          download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
          download.ewido.net/ewido-setup.exe <- update it before scanning; after
          scanning, uninstall it.
          Close the ports with this:
          www.firewallleaktester.com/tools/wwdc.exe
          • Guest: aarkom that one too, but it's a bit tricky IP: *.internetdsl.tpnet.pl 15.10.05, 12:49
            O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
            • Guest: Kolobos Not that one! IP: *.warszawa.sdi.tpnet.pl 15.10.05, 13:04
              That is an entry from the Intel card:
              O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
              And it doesn't need to be removed!
              In future, before you write something, check it:
              www.google.pl/search?sourceid=navclient&hl=pl&ie=UTF-8&oe=UTF-8&q=igfxsrvc.dll
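
Added example, not part of any post in this thread: a Python sketch that rejoins the hard-wrapped HijackThis entries pasted above and lists the O2, O18 and O20 lines (the sections the replies argue over) for manual review. The sample entries are copied from the log in this thread; the function names and the line-joining heuristic are assumptions, and the script gives no verdict on any entry.

```python
import re

# Constructed sample: five entries copied from the log in this thread,
# keeping the forum's hard line wraps.
SAMPLE = r"""
O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\system32
\bho.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} -
C:\Program Files\RXToolBar\sfcont.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program
Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

ENTRY_START = re.compile(r"^([RFNO]\d{1,2}) - ")   # e.g. "O2 - ", "R0 - "
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
REVIEW_SECTIONS = {"O2", "O18", "O20"}  # sections discussed in the thread

def unwrap(text):
    """Rejoin entries that the forum software broke across lines."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            # Heuristic (assumption): a break before "\" or after a hyphen
            # inside a token (a GUID) had no space; other breaks were spaces.
            tight = line.startswith("\\") or re.search(r"\S-$", entries[-1])
            entries[-1] += ("" if tight else " ") + line
    return entries

def review_list(text):
    """Return O2/O18/O20 entries as dicts for manual review; no verdicts."""
    out = []
    for entry in unwrap(text):
        code = ENTRY_START.match(entry)
        if not code or code.group(1) not in REVIEW_SECTIONS:
            continue
        missing = entry.endswith("(file missing)")
        body = entry[:-len("(file missing)")].rstrip() if missing else entry
        clsid = CLSID.search(body)
        out.append({"section": code.group(1),
                    "clsid": clsid.group(0) if clsid else None,
                    "path": body.rsplit(" - ", 1)[-1],
                    "file_missing": missing})
    return out
```

Each returned path still has to be looked up by hand, as the reply above does for igfxsrvc.dll.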

          • Guest: komputerowiec;) Thanks :) IP: *.kom / *.kom-net.pl 15.10.05, 13:31
            Thank you, Kolobos :)

            The pop-ups no longer appear (for now ;) ) and I don't have the "links"
            either; what MicrosoftAntiSpywareInstall.exe found is at the very bottom.
            (Why did you advise uninstalling MicrosoftAntiSpywareInstall.exe?)
            As for closing ports: I haven't yet done that last step you wrote about.
            How can I control the closing/opening of ports without using additional
            software? Won't carelessly closing ports stop programs that should work
            from working? Are the exceptions in the Windows firewall a way of
            controlling the opening of ports? If so, do we get control over all ports
            by changing the exceptions?
            My questions may be trivial, but I'm only a software user, not an IT
            specialist :)

            Hmm, this is all complicated... for me :). I wonder how long it will take
            before Avast and Adaware are able to deal with this problem that they
            couldn't handle today.

            Once again, thanks Kolobos,
            greetings from Wrocław,
            komputerowiec

            Spyware Scan Details
            Start Date: 2005-10-15 12:47:22
            End Date: 2005-10-15 12:51:13
            Total Time: 3 mins 51 secs

            Detected Threats

            Twain Tech Adware more information...
            Details: Twain Tech is an adware based Internet Explorer browser helper object
            that displays targeted advertisements based on your browsing patterns.
            Status: Removed
            High threat - High-risk items have a large potential for harm, such as loss of
            computer control, and should be removed unless knowingly installed.

            Infected files detected
            c:\windows\smdat32a.sys
            c:\windows\smdat32m.sys


            Altnet Browser Plug-in more information...
            Details: Altnet Topsearch runs as an Internet Explorer browser helper object
            (BHO) and acts as a search engine. It can supply advertising to KaZaA users.
            Status: Removed
            Elevated threat - Elevated-risk items have some potential for harm. Users
            should review such programs and remove them if unwanted.

            Infected registry keys/values detected


            RXToolbar Adware more information...
            Details: RXToolbar is an Internet Explorer toolbar that displays links for the
            current page being viewed, targeted through a specific Web site.
            Status: Removed
            Elevated threat - Elevated-risk items have some potential for harm. Users
            should review such programs and remove them if unwanted.

            Infected registry keys/values detected
            HKEY_CURRENT_USER\Software\RX Toolbar
            HKEY_CURRENT_USER\Software\RX Toolbar RegisterNow 1


            Altnet P2P Networking Adware more information...
            Details: Altnet P2P Networking enables other applications to use adware-based
            peer-to-peer functionality.
            Status: Removed
            Elevated threat - Elevated-risk items have some potential for harm. Users
            should review such programs and remove them if unwanted.

            Infected registry keys/values detected
            HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking


            KaZaA Under Investigation more information...
            Details: KaAaA is peer-to-peer file-sharing software that displays advertising
            and installs third-party adware on your computer.
            Status: Removed
            Moderate threat - Moderate-risk items have some potential for harm, but may be
            part of a wanted service. Users may decide to ignore such programs after review.

            Infected registry keys/values detected


            Detected Spyware Cookies
            No spyware cookies were found during this scan.
            • Guest: Kolobos Re: Thanks :) IP: *.warszawa.sdi.tpnet.pl 15.10.05, 13:48
              You were supposed to uninstall ewido and keep Antispyware ;-)
              The Antispyware log is unnecessary, so you didn't need to paste it.

              wwdc only closes a few ports that Windows uses, or rather that worms use ;-)
              It has nothing to do with programs etc.
              If you want control over everything, install a firewall, e.g. Kerio

              As for the firewall, I don't use XP so I don't know, but you can probably
              set whatever you want there :-)