A little spyware problem…

How should I get rid of the spyware on my computer? As soon as I start up the internet, pop-ups immediately appear saying that some s… has been detected and offering to download some programs. I scan with adware 6.81 every day, and with Norton 2003 as well, but as soon as I go online it's the same thing again. The home page keeps getting reset and turns into a search page on its own, instead of the one I set. Who could give me some advice…

Try Spy Sweeper, or maybe Spybot Search & Destroy.

I have the same problem too :( I installed 2 of those offered programs; one finds 248 of those spyware items, the other 98, but when you want to remove them it pops up a window offering to buy the program if you want to delete all the spyware :(
And where could I find that Spy Sweeper?

As for the home page getting reset: press the Windows + F key combination, type in ancf.dll and search. If you find it, that is the file that changes the page to that search page. Delete it in safe mode and everything will be fine. 8)

Download the little HijackThis program from here: http://www.spychecker.com/program/hijackthis.html
Run it. There is a Scan button. When you press it, it will scan; then post the report to the forum. Once I see it, I'll be able to tell you which files and registry entries to delete…

Thank you very much :)

Well, it found an awful lot of stuff here, or else I'm doing something wrong :(
I'm not really on friendly terms with this computer, but here, take a look if it's not too much trouble :)

Logfile of HijackThis v1.97.7
Scan saved at 16:58:20, on 2004.05.25
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\windows\winlogon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\fflh.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\fflh.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\fflh.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\fflh.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\fflh.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\fflh.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_22-1.dll
O2 - BHO: (no name) - {585564B9-3037-40BB-B39D-E5345D99D57E} - C:\WINDOWS\System32\fflh.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM…\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM…\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM…\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM…\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~3.DLL,NewDotNetStartup
O4 - HKLM…\Run: [SVCHOST] C:\WINDOWS\svchost.exe
O4 - HKLM…\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [winlogon] c:\windows\winlogon.exe
O4 - HKCU…\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU…\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU…\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra ‘Tools’ menuitem: ICQ Lite (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT! http://d.dialer2004.com//396754/main.chm::/load.exe
O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://C:NXSFT.MHT! http://65.75.133.65:80/iex/ofile.exe?url=http://65.75.133.65:80/dexLT206.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht! http://super-gals.com/scj/rotation/templates/s/x.chm::/ad.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip…{05423396-9801-4FE0-93B8-5808030E1440}: NameServer = 212.59.0.2 212.59.0.1
O17 - HKLM\System\CS1\Services\Tcpip…{05423396-9801-4FE0-93B8-5808030E1440}: NameServer = 212.59.0.2 212.59.0.1

You like to wander around porn sites a bit O:)

It's not me who likes that :( I have a dad who likes it a lot :(

Yeaaaah… :o :o :o :o … well, I've never seen this much before… and give your dad a ban so he fills the computer with less junk… :D

So how do I give that ban? :)
And could someone tell me what out of all that lot needs to be deleted? :)
Thanks :)

After the scan you need to tick all of these and press the button, I believe it's Fix it:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\fflh.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\fflh.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\fflh.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\fflh.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\fflh.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\fflh.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_22-1.dll
O2 - BHO: (no name) - {585564B9-3037-40BB-B39D-E5345D99D57E} - C:\WINDOWS\System32\fflh.dll

O4 - HKLM…\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~3.DLL,NewDotNetStartup

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT! http://d.dialer2004.com//396754/main.chm::/load.exe
O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://C:NXSFT.MHT! http://65.75.133.65:80/iex/ofile.exe?url=http://65.75.133.65:80/dexLT206.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht! http://super-gals.com/scj/rotation/templates/s/x.chm::/ad.exe
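
Added example, not part of the original posts: a small Python triage pass over HijackThis entry lines that cross-references the DLL named in `res://` search settings with the registered BHOs, which is the pattern visible in the entries picked out above. The rules and the names `parse` and `triage` are assumptions made for illustration, not HijackThis's own logic, and a flag is only a prompt for manual review.

```python
import re

# Entry lines copied from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\fflh.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {585564B9-3037-40BB-B39D-E5345D99D57E} - C:\WINDOWS\System32\fflh.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {0DA97D0B-76EA-4DF6-95AC-C97EAE8E53FF} - C:\WINDOWS\System32\mafh.dll (file missing)
O10 - Hijacked Internet access by New.Net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""
# Constructed line (placeholder CLSID and host), shaped like the O16 entries above.
SAMPLE_LOG += r"O16 - DPF: {00000000-0000-0000-0000-000000000000} - mhtml:file://C:\none.mht!http://host.invalid/x.exe"

LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
RES_DLL_RE = re.compile(r"res://(.+?\.dll)/", re.I)

def parse(log):
    """Return (section, body) pairs for every well-formed entry line."""
    return [m.groups() for m in map(LINE_RE.match, log.splitlines()) if m]

def triage(log):
    entries = parse(log)
    # Pass 1: collect DLLs that IE search/home settings point into via res://
    hijack_dlls = {m.group(1).lower() for sec, body in entries
                   if sec in ("R0", "R1") for m in [RES_DLL_RE.search(body)] if m}
    flagged = []
    for sec, body in entries:  # Pass 2: apply the assumed review rules
        low = body.lower()
        if sec in ("R0", "R1") and RES_DLL_RE.search(body):
            reason = "IE setting redirected to a local DLL resource"
        elif sec == "O2" and low.endswith("(file missing)"):
            reason = "BHO registered but file missing"
        elif sec == "O2" and any(low.endswith(d) for d in hijack_dlls):
            reason = "BHO loads the same DLL the R entries point to"
        elif sec == "O10":
            reason = "Winsock (LSP) hijack reported by HijackThis"
        elif sec == "O16" and ("mhtml:" in low or low.endswith(".exe")):
            reason = "DPF source is an mhtml wrapper or a direct .exe"
        else:
            continue
        flagged.append((sec, reason, body))
    return flagged

if __name__ == "__main__":
    for sec, reason, body in triage(SAMPLE_LOG):
        print(f"{sec:>3}  {reason}: {body}")
```

The Adobe and Norton BHOs and the Flash `.cab` entry pass unflagged, matching what the reply above left unticked; `HomeOldSP = about:blank` is not caught by these rules even though the reply ticks it.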

Good thing my father isn't interested in computers. 8)


Thank you very, very much :) There's no spyware left, and I can set whatever home page I want :) Thanks a lot :)
And if any other problems come up, may I turn to you and recommend you to others? ;)


You can, yes.

Could you perhaps advise me too which ones to delete after scanning, and which not…

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com/ {SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ekabba.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ekabba.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ekabba.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ekabba.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ekabba.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ekabba.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0DA97D0B-76EA-4DF6-95AC-C97EAE8E53FF} - C:\WINDOWS\System32\mafh.dll (file missing)
O2 - BHO: (no name) - {4663406F-68EB-46B0-8071-B70B18337C22} - C:\WINDOWS\System32\ekabba.dll
O2 - BHO: (no name) - {668DC205-89B5-4D37-B29C-B33A8F6BFA3B} - C:\WINDOWS\System32\abnana.dll (file missing)
O2 - BHO: (no name) - {AECE011F-C153-424C-BAD0-0E7CA02C0230} - C:\WINDOWS\System32\lpmabaa.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM…\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM…\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM…\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM…\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [Hcontrol] C:\WINDOWS\Hcontrol.exe
O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Hotkey.lnk = C:\Program Files\ASUS\ASUS Hotkey\Hotkey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra ‘Tools’ menuitem: Messenger (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38067.8110648148
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

And please advise, good people, how to protect myself from this spyware in the future???


Maybe I'm late, I didn't have time earlier; now I can write what to delete:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com/ {SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ekabba.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ekabba.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ekabba.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ekabba.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ekabba.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ekabba.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {0DA97D0B-76EA-4DF6-95AC-C97EAE8E53FF} - C:\WINDOWS\System32\mafh.dll (file missing)
O2 - BHO: (no name) - {4663406F-68EB-46B0-8071-B70B18337C22} - C:\WINDOWS\System32\ekabba.dll
O2 - BHO: (no name) - {668DC205-89B5-4D37-B29C-B33A8F6BFA3B} - C:\WINDOWS\System32\abnana.dll (file missing)
O2 - BHO: (no name) - {AECE011F-C153-424C-BAD0-0E7CA02C0230} - C:\WINDOWS\System32\lpmabaa.dll (file missing)

O4 - HKLM…\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe