newdotnet - a worry
Last Updated: Sep 03 2004 19:32, Started by jean807, Sep 01 2004 02:05
#1
Posted 01 September 2004 - 02:05
A few days ago Ad-Aware 6 found a NewDotNet entry on my machine, but it would not delete it. I got an anti-trojan (The Cleaner), which found and deleted everything that moved. Surprise: the next day I could no longer access any site; only Messenger worked. I restored the quarantine and after a restart everything worked normally. I searched Google and found that this thing (NewDotNet) can cause connection problems if it is deleted incorrectly instead of being uninstalled. So I uninstalled it. The NewDotNet entry disappeared and the connection works fine... but on a scan I found leftovers of it in the Windows folder, and the story repeated itself. The question is: how can I get rid of it????? I mean a manual removal, if the uninstall was not complete.
I would like details; I am only at an intermediate level of knowledge. Sorry if this subject has already been discussed.
#2
Posted 01 September 2004 - 09:23
Hello jean807, welcome to the SoftPedia forum.
Download HijackThis!, unzip it into a directory of its own, for example c:\hjt, run it, click Scan and then Save Log. Please post the log here so we can see what is left of NewDotNet.
In the meantime download AdAware SE 1.03 from here: AdAware SE Download. On installation it will remove the old version, AdAware 6.181. On the last screen untick the three options. Don't scan with AdAware yet.
Configure AdAware 1.03 as below. Click the gear wheel at the top (some options can only be selected in the Plus and Pro versions - greyed out):
General / Safety Settings: the first three options must be unselected (red). In the last option, change 14 to 7 (recommended).
Scanning: select the following options (green): "Scan within Archives". Click "Click here to select Drives + folders" and select all installed HDDs.
Memory & Registry: select all options (green).
Advanced: under "Shell Integration" select "Move deleted files to Recycle Bin" (green). Logfile Detail Level: select all options (green).
Defaults: under "Default homepage" and/or "Default searchpage" enter the pages you want (for example http://www.google.com/).
Tweak / Scanning Engine: select the following options (green): "Unload recognized processes during scanning.", "Obtain command line of scanned processes", "Scan registry for all users instead of current user only".
Cleaning Engine: select the following options (green): "Automatically try to unregister objects prior to deletion.", "During removal, unload explorer and IE if necessary", "Let Windows remove files in use at next reboot.", "Delete quarantined objects after restoring".
Safety settings: select (green) "Write-protect system files after repair (Hosts file, etc)".
Webupdate settings: select all options (green).
Press "Proceed" to save the preferences. Update the signatures (the blue globe at the top). Don't use AdAware yet.
#3
Posted 01 September 2004 - 13:02
here's the log too .... though I get worried just looking at it
Logfile of HiJackThis v1.98.2
Scan saved at 12.53.53, on 01/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\atwtusb.exe
C:\Programmi\MSN Apps\Updater\1.02.0002.1001\it\msnappau.exe
C:\Programmi\The Cleaner\tca.exe
C:\Programmi\The Cleaner\tcm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmi\Yahoo!\Messenger\ypager.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\TRUST\Software Bluetooth\BTTray.exe
C:\Programmi\3.0M SD DSC\Console\Watch.exe
C:\PROGRA~1\TRUST\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Program Files\mIRC\mirc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\D\Impostazioni locali\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.aol.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.245.244.100:9201
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O1 - Hosts: 198.65.164.171 ehttp.cc
O1 - Hosts: 198.65.164.168 winlink.biz
O1 - Hosts: 198.65.164.168 winlink.ws
O1 - Hosts: 198.65.164.168 ad45.com
O1 - Hosts: 198.65.164.168 www.ad45.com
O1 - Hosts: 198.65.164.168 ad77.com
O1 - Hosts: 198.65.164.168 www.ad77.com
O1 - Hosts: 198.65.164.168 ad86.com
O1 - Hosts: 198.65.164.168 www.ad86.com
O1 - Hosts: 198.65.164.168 ad25.com
O1 - Hosts: 198.65.164.168 www.ad25.com
O1 - Hosts: 198.65.164.168 00hq.com
O1 - Hosts: 198.65.164.168 www.00hq.com
O1 - Hosts: 198.65.164.168 8ad.com
O1 - Hosts: 198.65.164.168 www.8ad.com
O1 - Hosts: 198.65.164.168 searchv.com
O1 - Hosts: 198.65.164.168 www.searchv.com
O1 - Hosts: 198.65.164.168 008k.com
O1 - Hosts: 198.65.164.168 www.008k.com
O1 - Hosts: 198.65.164.170 galleryspots.com
O1 - Hosts: 198.65.164.170 www.galleryspots.com
O1 - Hosts: 198.65.164.170 cz9.clickzs.com
O1 - Hosts: 198.65.164.170 cz8.clickzs.com
O1 - Hosts: 198.65.164.170 cz7.clickzs.com
O1 - Hosts: 198.65.164.170 cz6.clickzs.com
O1 - Hosts: 198.65.164.170 cz5.clickzs.com
O1 - Hosts: 198.65.164.170 cz4.clickzs.com
O1 - Hosts: 198.65.164.170 cz3.clickzs.com
O1 - Hosts: 198.65.164.170 cz2.clickzs.com
O1 - Hosts: 198.65.164.170 cz1.clickzs.com
O1 - Hosts: 198.65.164.170 bigfreepics.com
O1 - Hosts: 198.65.164.170 www.moreporn.biz
O1 - Hosts: 198.65.164.170 www.vimaxnow.net
O1 - Hosts: 198.65.164.170 www.coolsearch.biz
O1 - Hosts: 198.65.164.170 coolsearch.biz
O1 - Hosts: 198.65.164.170 www.sexocean.biz
O1 - Hosts: 198.65.164.170 penis-enlargement-pills.xxx.com
O1 - Hosts: 198.65.164.170 www.bigfreepics.com
O1 - Hosts: 198.65.164.170 penispills.xxx.com
O1 - Hosts: 198.65.164.170 small-penis.abc3x.com
O1 - Hosts: 198.65.164.170 www.extenzepills.com
O1 - Hosts: 198.65.164.170 www.chokinchicken.com
O1 - Hosts: 198.65.164.170 www.quelpenis.com
O1 - Hosts: 198.65.164.170 www.myrealpics.com
O1 - Hosts: 198.65.164.170 www.zonebest.com
O1 - Hosts: 198.65.164.170 www.herbal-healthline.com
O1 - Hosts: 198.65.164.170 www.herbalvirility.com
O1 - Hosts: 198.65.164.170 www.optimoil.com
O1 - Hosts: 198.65.164.170 www.menzyme.com
O1 - Hosts: 198.65.164.170 defaultsearching.com
O1 - Hosts: 198.65.164.170 www.findwhatnow.com
O1 - Hosts: 198.65.164.170 free64all.com
O1 - Hosts: 198.65.164.170 www.free64all.com
O1 - Hosts: 198.65.164.170 coolsearcher.net
O1 - Hosts: 198.65.164.170 www.placeforsearch.com
O1 - Hosts: 198.65.164.170 placeforsearch.com
O1 - Hosts: 198.65.164.170 www.sweet4all.com
O1 - Hosts: 198.65.164.170 www.picsdrive.com
O1 - Hosts: 198.65.164.170 chokinchicken.com
O1 - Hosts: 198.65.164.170 www.efinder.cc
O1 - Hosts: 198.65.164.170 nnsearch.biz
O1 - Hosts: 198.65.164.170 www.doctors-choice-hgh-human-growth-hormone.com
O1 - Hosts: 198.65.164.170 www.advice-hgh.com
O1 - Hosts: 198.65.164.170 www.kcufrecnac.com
O1 - Hosts: 198.65.164.170 www.medical-t.com
O1 - Hosts: 198.65.164.170 www.hghcompany.com
O1 - Hosts: 198.65.164.170 www.healthsuperstore.com
O1 - Hosts: 198.65.164.170 www.hgh3000.com
O1 - Hosts: 198.65.164.170 www.21stcenturyhgh.com
O1 - Hosts: 198.65.164.170 www.sytropin.com
O1 - Hosts: 198.65.164.170 www.rejuvence.com
O1 - Hosts: 198.65.164.170 www.prescriptionhgh.com
O1 - Hosts: 198.65.164.170 www.pureghr15.com
O1 - Hosts: 198.65.164.170 www.genf20.com
O1 - Hosts: 198.65.164.170 www.puremeds.com
O1 - Hosts: 198.65.164.170 www.love-scent.com
O1 - Hosts: 198.65.164.170 www.attract-rx.com
O1 - Hosts: 198.65.164.170 www.nexuspheromones.com
O1 - Hosts: 198.65.164.170 www.luvoil.com
O1 - Hosts: 198.65.164.170 vimax.fuckfaster.com
O1 - Hosts: 198.65.164.170 www.iso-herbal.com
O1 - Hosts: 198.65.164.170 www.brava.com
O1 - Hosts: 198.65.164.170 www.39-93.com
O1 - Hosts: 198.65.164.170 www.how2enlargepenis.com
O1 - Hosts: 198.65.164.170 finder2003.com
O1 - Hosts: 198.65.164.170 www.spybot.info
O1 - Hosts: 198.65.164.170 www.javacoolsoftware.com
O1 - Hosts: 198.65.164.170 vimax-pills.xnxxx.com
O1 - Hosts: 198.65.164.170 penis-pills.xnxxx.com
O1 - Hosts: 198.65.164.170 www.search-aid.com
O1 - Hosts: 198.65.164.170 www.pureteenz.com
O1 - Hosts: 198.65.164.170 freednshost.info
O1 - Hosts: 198.65.164.170 www.search2004.net
O1 - Hosts: 198.65.164.170 www.hugesearch.net
O1 - Hosts: 198.65.164.170 luckyfinder.com
O1 - Hosts: 198.65.164.170 luckysearch.net
O1 - Hosts: 198.65.164.170 kitasearch.com
O1 - Hosts: 198.65.164.170 www.orbitexplorer.com
O1 - Hosts: 198.65.164.170 www.sqwire.com
O1 - Hosts: 198.65.164.170 www.traffichog.com
O1 - Hosts: 198.65.164.170 allneedsearch.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\1.02.0002.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\1.02.2001.0001\it\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\1.02.2001.0001\it\msntb.dll
O3 - Toolbar: FlowGoBar - {4E7BD74F-2B8D-469E-C0FF-FD63B399BC7D} - C:\Programmi\FlowGoBar\Toolbar\flgobar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\System32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [mmtask] C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\1.02.0002.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [tcactive] C:\Programmi\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Programmi\The Cleaner\tcm.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Programmi\AIM95\aim.exe -cnetwait.odl
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Quick StartUp.lnk = C:\PENSOFT\fquick32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Microsoft Office OneNote 2003.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Controllo del Calendario di Ulead Photo Express.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Finestra di stato di Canon LASER SHOT LBP-1120.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Watch.lnk = C:\Programmi\3.0M SD DSC\Console\Watch.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Programmi\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programmi\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programmi\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programmi\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Programmi\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: Yahoo! Canasta - http://download.game...nts/y/yt1_x.cab
O16 - DPF: Yahoo! Dots - http://download.game...ts/y/dtt1_x.cab
O16 - DPF: Yahoo! Go - http://download.game...nts/y/gt2_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.game...nts/y/zt3_x.cab
O16 - DPF: Yahoo! GoStop - http://download.game...ts/y/gst1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Reversi - http://download.game...nts/y/rt0_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_3us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCD9413E-6A86-44FC-A076-C88D9E1198B7}: NameServer = 212.245.255.2 212.141.84.12
#4
Posted 01 September 2004 - 14:32
Quote, originally posted by jean807: here's the log too .... though I get worried just looking at it
It could have been worse.
1. Do you have any reason to redirect all those sites at O1 to 198.65.164.170?
OrgName: Verio, Inc.
OrgID: VRIO
Address: 8005 South Chester Street
Address: Suite 200
City: Englewood
StateProv: CO
PostalCode: 80112
Country: US
If you don't, or don't know what I'm talking about, download this program, Hoster, unzip it somewhere, run it and press the "Restore Original Hosts" button. Close the program. Reboot in Safe Mode (see point 3).
3. REBOOT in Safe Mode (press the F8 key repeatedly as soon as the computer starts. Choose Safe Mode - at the top). Move "HijackThis!" into a directory of its own, for example c:\HJT, and run it. Close all windows and the browser. Tick the following:
R3 - Default URLSearchHook is missing
These, if you still find them:
O1 - Hosts: 198.65.164.171 ehttp.cc
O1 - Hosts: 198.65.164.168 winlink.biz
O1 - Hosts: 198.65.164.168 winlink.ws
O1 - Hosts: 198.65.164.168 ad45.com
O1 - Hosts: 198.65.164.168 www.ad45.com
O1 - Hosts: 198.65.164.168 ad77.com
O1 - Hosts: 198.65.164.168 www.ad77.com
O1 - Hosts: 198.65.164.168 ad86.com
O1 - Hosts: 198.65.164.168 www.ad86.com
O1 - Hosts: 198.65.164.168 ad25.com
O1 - Hosts: 198.65.164.168 www.ad25.com
O1 - Hosts: 198.65.164.168 00hq.com
O1 - Hosts: 198.65.164.168 www.00hq.com
O1 - Hosts: 198.65.164.168 8ad.com
O1 - Hosts: 198.65.164.168 www.8ad.com
O1 - Hosts: 198.65.164.168 searchv.com
O1 - Hosts: 198.65.164.168 www.searchv.com
O1 - Hosts: 198.65.164.168 008k.com
O1 - Hosts: 198.65.164.168 www.008k.com
O1 - Hosts: 198.65.164.170 galleryspots.com
O1 - Hosts: 198.65.164.170 www.galleryspots.com
O1 - Hosts: 198.65.164.170 cz9.clickzs.com
O1 - Hosts: 198.65.164.170 cz8.clickzs.com
O1 - Hosts: 198.65.164.170 cz7.clickzs.com
O1 - Hosts: 198.65.164.170 cz6.clickzs.com
O1 - Hosts: 198.65.164.170 cz5.clickzs.com
O1 - Hosts: 198.65.164.170 cz4.clickzs.com
O1 - Hosts: 198.65.164.170 cz3.clickzs.com
O1 - Hosts: 198.65.164.170 cz2.clickzs.com
O1 - Hosts: 198.65.164.170 cz1.clickzs.com
O1 - Hosts: 198.65.164.170 bigfreepics.com
O1 - Hosts: 198.65.164.170 www.moreporn.biz
O1 - Hosts: 198.65.164.170 www.vimaxnow.net
O1 - Hosts: 198.65.164.170 www.coolsearch.biz
O1 - Hosts: 198.65.164.170 coolsearch.biz
O1 - Hosts: 198.65.164.170 www.sexocean.biz
O1 - Hosts: 198.65.164.170 penis-enlargement-pills.xxx.com
O1 - Hosts: 198.65.164.170 www.bigfreepics.com
O1 - Hosts: 198.65.164.170 penispills.xxx.com
O1 - Hosts: 198.65.164.170 small-penis.abc3x.com
O1 - Hosts: 198.65.164.170 www.extenzepills.com
O1 - Hosts: 198.65.164.170 www.chokinchicken.com
O1 - Hosts: 198.65.164.170 www.quelpenis.com
O1 - Hosts: 198.65.164.170 www.myrealpics.com
O1 - Hosts: 198.65.164.170 www.zonebest.com
O1 - Hosts: 198.65.164.170 www.herbal-healthline.com
O1 - Hosts: 198.65.164.170 www.herbalvirility.com
O1 - Hosts: 198.65.164.170 www.optimoil.com
O1 - Hosts: 198.65.164.170 www.menzyme.com
O1 - Hosts: 198.65.164.170 defaultsearching.com
O1 - Hosts: 198.65.164.170 www.findwhatnow.com
O1 - Hosts: 198.65.164.170 free64all.com
O1 - Hosts: 198.65.164.170 www.free64all.com
O1 - Hosts: 198.65.164.170 coolsearcher.net
O1 - Hosts: 198.65.164.170 www.placeforsearch.com
O1 - Hosts: 198.65.164.170 placeforsearch.com
O1 - Hosts: 198.65.164.170 www.sweet4all.com
O1 - Hosts: 198.65.164.170 www.picsdrive.com
O1 - Hosts: 198.65.164.170 chokinchicken.com
O1 - Hosts: 198.65.164.170 www.efinder.cc
O1 - Hosts: 198.65.164.170 nnsearch.biz
O1 - Hosts: 198.65.164.170 www.doctors-choice-hgh-human-growth-hormone.com
O1 - Hosts: 198.65.164.170 www.advice-hgh.com
O1 - Hosts: 198.65.164.170 www.kcufrecnac.com
O1 - Hosts: 198.65.164.170 www.medical-t.com
O1 - Hosts: 198.65.164.170 www.hghcompany.com
O1 - Hosts: 198.65.164.170 www.healthsuperstore.com
O1 - Hosts: 198.65.164.170 www.hgh3000.com
O1 - Hosts: 198.65.164.170 www.21stcenturyhgh.com
O1 - Hosts: 198.65.164.170 www.sytropin.com
O1 - Hosts: 198.65.164.170 www.rejuvence.com
O1 - Hosts: 198.65.164.170 www.prescriptionhgh.com
O1 - Hosts: 198.65.164.170 www.pureghr15.com
O1 - Hosts: 198.65.164.170 www.genf20.com
O1 - Hosts: 198.65.164.170 www.puremeds.com
O1 - Hosts: 198.65.164.170 www.love-scent.com
O1 - Hosts: 198.65.164.170 www.attract-rx.com
O1 - Hosts: 198.65.164.170 www.nexuspheromones.com
O1 - Hosts: 198.65.164.170 www.luvoil.com
O1 - Hosts: 198.65.164.170 vimax.fuckfaster.com
O1 - Hosts: 198.65.164.170 www.iso-herbal.com
O1 - Hosts: 198.65.164.170 www.brava.com
O1 - Hosts: 198.65.164.170 www.39-93.com
O1 - Hosts: 198.65.164.170 www.how2enlargepenis.com
O1 - Hosts: 198.65.164.170 finder2003.com
O1 - Hosts: 198.65.164.170 www.spybot.info
O1 - Hosts: 198.65.164.170 www.javacoolsoftware.com
O1 - Hosts: 198.65.164.170 vimax-pills.xnxxx.com
O1 - Hosts: 198.65.164.170 penis-pills.xnxxx.com
O1 - Hosts: 198.65.164.170 www.search-aid.com
O1 - Hosts: 198.65.164.170 www.pureteenz.com
O1 - Hosts: 198.65.164.170 freednshost.info
O1 - Hosts: 198.65.164.170 www.search2004.net
O1 - Hosts: 198.65.164.170 www.hugesearch.net
O1 - Hosts: 198.65.164.170 luckyfinder.com
O1 - Hosts: 198.65.164.170 luckysearch.net
O1 - Hosts: 198.65.164.170 kitasearch.com
O1 - Hosts: 198.65.164.170 www.orbitexplorer.com
O1 - Hosts: 198.65.164.170 www.sqwire.com
O1 - Hosts: 198.65.164.170 www.traffichog.com
O1 - Hosts: 198.65.164.170 allneedsearch.com
O3 - Toolbar: FlowGoBar - {4E7BD74F-2B8D-469E-C0FF-FD63B399BC7D} - C:\Programmi\FlowGoBar\Toolbar\flgobar.dll
O4 - Startup: PowerReg Scheduler V3.exe
Press "Fix" and close HijackThis.
4. Press CTRL-ALT-DEL and look for the following, if you find them: powerreg scheduler v3.exe, powerreg scheduler.exe, powerreg schedulerv2.exe. Right-click and choose End Process.
4. Find and delete the following files and folders. These files, wherever you find them (search with Start --> Search): powerreg scheduler v3.exe, webshots.lnk, powerreg scheduler.exe, powerreg schedulerv2.exe. This folder: FlowGoBar in C:\Programmi. This folder: powerreg in C:\Programmi.
5. REBOOT normally and post a new HJT log.
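The point the helper makes above is the one a log reviewer checks first: a hosts file that sends dozens of unrelated names, including the sites of anti-spyware tools (www.spybot.info, www.javacoolsoftware.com), to a single external address is not something a user configures by hand. The script below is an added example of mine, not code from the thread or from the HijackThis project. It reads HijackThis-format lines, groups O1 entries by target address, flags external redirections and any that swallow security-tool domains, and also surfaces the ProxyServer value that appears in the R1 lines of the log so that it can be confirmed with the machine's owner. The sample lines are constructed in the log's format; the threshold and the list of security-tool domain fragments are my assumptions.

```python
"""Added example: triage of hosts-file and proxy entries in a HijackThis-style log."""
import re
from collections import defaultdict

# Constructed sample (a few lines in HijackThis format, not the thread's full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.245.244.100:9201
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ads.example.test
O1 - Hosts: 198.65.164.168 ad45.com
O1 - Hosts: 198.65.164.168 www.ad45.com
O1 - Hosts: 198.65.164.170 www.spybot.info
O1 - Hosts: 198.65.164.170 www.javacoolsoftware.com
O1 - Hosts: 198.65.164.170 coolsearch.biz
O3 - Toolbar: FlowGoBar - {4E7BD74F-2B8D-469E-C0FF-FD63B399BC7D} - C:\Programmi\FlowGoBar\Toolbar\flgobar.dll
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
PROXY_RE = re.compile(r"^R[01] - (.+?),ProxyServer = (\S+)")

# Addresses used by legitimate "blocking" hosts files (they sink the name locally).
LOCAL_SINKS = ("127.", "0.0.0.0", "::1")
# Assumed list: fragments of domains belonging to anti-spyware tools. A hosts
# file that redirects these away from their owners is a strong sign of tampering.
SECURITY_TOOL_HINTS = ("spybot", "javacoolsoftware", "lavasoft", "symantec")


def parse_hosts(log):
    """Map each target address in O1 lines to the hostnames sent to it."""
    by_ip = defaultdict(list)
    for line in log.splitlines():
        m = HOSTS_RE.match(line.strip())
        if m:
            by_ip[m.group(1)].append(m.group(2).lower())
    return dict(by_ip)


def parse_proxy(log):
    """Return (registry key, proxy) pairs for every ProxyServer line."""
    found = []
    for line in log.splitlines():
        m = PROXY_RE.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2)))
    return found


def triage(log, min_domains=3):
    """Return a list of (kind, value, reasons) findings worth a reviewer's attention."""
    findings = []
    for ip, names in parse_hosts(log).items():
        if ip.startswith(LOCAL_SINKS):
            continue  # local sinks are how ad-blocking hosts files normally work
        reasons = []
        if len(names) >= min_domains:
            reasons.append(f"{len(names)} hostnames redirected to one external address")
        hijacked_tools = [n for n in names if any(h in n for h in SECURITY_TOOL_HINTS)]
        if hijacked_tools:
            reasons.append("security-tool sites redirected: " + ", ".join(hijacked_tools))
        if reasons:
            findings.append(("hosts", ip, reasons))
    for key, proxy in parse_proxy(log):
        # A proxy the user did not configure routes all browser traffic through it;
        # the value alone proves nothing, so it is reported for confirmation, not judged.
        findings.append(("proxy", proxy, [f"ProxyServer set under {key}"]))
    return findings


if __name__ == "__main__":
    for kind, value, reasons in triage(SAMPLE_LOG):
        print(f"[{kind}] {value}")
        for r in reasons:
            print("   -", r)
```

Lines sinking names to 127.0.0.1 are skipped on purpose: that is how ad-blocking hosts files (and the write-protected hosts file the AdAware setting in post #2 produces) normally look, so only entries pointing at a routable address are reported.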
#5
Posted 01 September 2004 - 15:51
Let's start at the beginning.
1. Got Hoster. Solved.
2. Safe mode.... (by the way: which key is it for getting into Safe Mode? Because F8 gave me a window where I had to choose a drive to boot from... I resorted to some tricks to get in there.) After pressing Fix in HijackThis I really found nothing but the FlowGoBar entry... none of the others mentioned.
3. here's the new log too... a bit cleaner
Logfile of HiJackThis v1.98.2
Scan saved at 15.40.06, on 01/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\atwtusb.exe
C:\Programmi\MSN Apps\Updater\1.02.0002.1001\it\msnappau.exe
C:\Programmi\The Cleaner\tca.exe
C:\Programmi\The Cleaner\tcm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmi\Yahoo!\Messenger\ypager.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\TRUST\Software Bluetooth\BTTray.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\Programmi\3.0M SD DSC\Console\Watch.exe
C:\PROGRA~1\TRUST\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\D\Documenti\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.aol.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.245.244.100:9201
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\1.02.0002.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\1.02.2001.0001\it\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\1.02.2001.0001\it\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\System32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [mmtask] C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\1.02.0002.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [tcactive] C:\Programmi\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Programmi\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Programmi\AIM95\aim.exe -cnetwait.odl
O4 - Startup: Quick StartUp.lnk = C:\PENSOFT\fquick32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Microsoft Office OneNote 2003.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Controllo del Calendario di Ulead Photo Express.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Finestra di stato di Canon LASER SHOT LBP-1120.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Watch.lnk = C:\Programmi\3.0M SD DSC\Console\Watch.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Programmi\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programmi\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programmi\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programmi\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Programmi\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: Yahoo! Canasta - http://download.game...nts/y/yt1_x.cab
O16 - DPF: Yahoo! Dots - http://download.game...ts/y/dtt1_x.cab
O16 - DPF: Yahoo! Go - http://download.game...nts/y/gt2_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.game...nts/y/zt3_x.cab
O16 - DPF: Yahoo! GoStop - http://download.game...ts/y/gst1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Reversi - http://download.game...nts/y/rt0_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_3us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
#6
Posted 01 September 2004 - 16:03
And I noticed something: the "file paging" usage level dropped from about 270 MB to 231 MB. A good sign?
#8
Posted 01 September 2004 - 20:29
I don't mean to be nasty... but how can you tell it is clean?
#9
Posted 01 September 2004 - 20:40
Well... I don't see anything suspicious. Everything is where I expect to find it. No file name is suspicious and no GUID (Globally Unique IDentifier) is bad.
#10
Posted 01 September 2004 - 20:51
If I could find where to get the print-screen image from, I would show you that the thing is still on my computer. All that is left is NDNuninstal6_30.exe, located in Windows, and if I delete it, goodbye internet connection.
#13
Posted 01 September 2004 - 21:32
Don't you have "Download Receiver" in Add/Remove Programs, which you can uninstall?
#14
Posted 01 September 2004 - 21:34
... sorry for being bold, but you decided rather quickly that it was a wrong recommendation!
Wasn't it about newdot? You should have left the post up, not wiped it completely as if I had said something about warez.... oh well.
#15
Posted 01 September 2004 - 21:44
Quote, originally posted by pdanyels: ... sorry for being bold, but you decided rather quickly that it was a wrong recommendation!
Nothing of this kind appears in the HJT log: O10 - Unknown file in Winsock LSP. If you have a serious reason for recommending LSPFix, please say so. If I was wrong I will put your text back and apologize.
[later] NewDotNet can be uninstalled without problems using the instructions given by the maker on the page http://www.newdotnet.com/ - the last link on the page. For legal reasons the content of the page cannot be reproduced here. [/later]
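The post above points at the O10 (Winsock LSP) line as the place where NewDotNet would show up in a HijackThis log, and post #1 describes what happens when its files are deleted by hand instead of uninstalled: the Winsock catalog still references the DLL, so applications that use Winsock fail to connect until the entry is repaired. The script below is an added example of mine, not code from the thread or from any tool named in it. It reads the Winsock catalog the way LSP repair tools do and reports entries whose provider DLL no longer exists on disk, which lets a reviewer recognise the orphan before, or after, a deletion breaks networking. The PackedCatalogItem layout is the documented Windows 2000/XP one (the first 260 bytes hold the NUL-terminated ANSI DLL path); the leftover DLL name in the sample is a constructed placeholder, not a real NewDotNet file name.

```python
"""Added example: finding orphaned Winsock LSP catalog entries.

Layout assumption (documented for Windows 2000/XP): each subkey under
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
has a binary value PackedCatalogItem whose first MAX_PATH (260) bytes hold the
provider DLL path as a NUL-terminated ANSI string.
"""
import os

MAX_PATH = 260
CATALOG_KEY = (r"SYSTEM\CurrentControlSet\Services\WinSock2\Parameters"
               r"\Protocol_Catalog9\Catalog_Entries")


def dll_path_from_packed_item(blob):
    """Extract the provider DLL path from a PackedCatalogItem value."""
    raw = blob[:MAX_PATH].split(b"\x00", 1)[0]
    return raw.decode("mbcs" if os.name == "nt" else "latin-1")


def disk_exists(path):
    """Default existence check; expands %SystemRoot%-style variables on Windows."""
    return os.path.exists(os.path.expandvars(path))


def find_orphaned_lsps(entries, exists=disk_exists):
    """entries: iterable of (entry_name, packed_item_bytes).

    Returns [(entry_name, dll_path)] for every provider whose DLL is missing.
    Such an entry is what breaks connectivity after a provider's DLL is deleted
    by hand instead of being removed from the Winsock catalog by its uninstaller.
    """
    orphans = []
    for name, blob in entries:
        path = dll_path_from_packed_item(blob)
        if path and not exists(path):
            orphans.append((name, path))
    return orphans


def read_catalog_entries():
    """Read the live catalog on Windows; returns [] where winreg is unavailable."""
    try:
        import winreg
    except ImportError:
        return []
    entries = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CATALOG_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[0]):
            sub = winreg.EnumKey(key, i)
            with winreg.OpenKey(key, sub) as entry:
                blob, _ = winreg.QueryValueEx(entry, "PackedCatalogItem")
                entries.append((sub, blob))
    return entries


def make_packed_item(dll_path):
    """Constructed helper: build the path portion of a PackedCatalogItem."""
    return dll_path.encode("latin-1").ljust(MAX_PATH, b"\x00") + b"\x00" * 16


# Constructed sample catalog: the Windows base provider plus one leftover
# third-party LSP whose DLL name is a placeholder.
SAMPLE_ENTRIES = [
    ("000000000001", make_packed_item(r"%SystemRoot%\system32\mswsock.dll")),
    ("000000000002", make_packed_item(r"C:\WINDOWS\EXAMPLE_leftover_lsp.dll")),
]


def demo():
    """Run the check on the constructed sample, pretending only mswsock.dll exists."""
    present = {r"%SystemRoot%\system32\mswsock.dll"}
    return find_orphaned_lsps(SAMPLE_ENTRIES, exists=lambda p: p in present)


if __name__ == "__main__":
    live = read_catalog_entries()
    results = find_orphaned_lsps(live) if live else demo()
    for name, path in results:
        print(f"orphaned LSP entry {name}: {path}")
```

The check is read-only by design: an orphaned entry is reported, and the repair is left to the provider's own uninstaller (as the post above recommends for NewDotNet) or to a dedicated LSP repair tool, since removing catalog entries by hand requires renumbering the remaining chain.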
#16
Posted 01 September 2004 - 21:51
That's how I got stuck after I was infected, and it seems I still am, with a browser hijacker; some little program keeps generating 30 KB DLLs in system every now and then... but I was left with after-effects, in that when Total Commander starts it gives me an error, sometimes at kernel32, sometimes at unknown, even though I can still run the program; but I'm stuck with the error window, which, if I close it, obviously kills the program too.
For now I'm at ease, because any attempt to modify the registry is flagged by Browser Hijack Blaster and I can counter the attempt to change the blank page to one that saves itself on the PC. I can't get HJT because I can't make connections to port 8080 (redirect in Linux), and the official site, the last time I checked, was under repair.
#17
Posted 01 September 2004 - 22:07
"Don't you have "Download Receiver" in Add/Remove Programs, which you can uninstall?"
Nothing of the sort.
"Nothing of this kind appears in the HJT log: O10 - Unknown file in Winsock LSP"
Maybe it would appear the moment I deleted it.
"NewDotNet can be uninstalled without problems using the instructions given by the maker on the page"
It is already uninstalled.... I read that page of theirs too, before starting a thread here. This one was left behind after the uninstall.
#18
Posted 01 September 2004 - 22:11
The picture you posted there is something else:
1. The DSO Exploit alert is a bug in Spybot S&D. It will be fixed in version 1.4. Do not fix DSO Exploit.
2. With eAcceleration it is the same problem as with NewDotNet. It is uninstalled from Add/Remove Programs. I'm now asking exactly what it is and will get back to you.