about:blank
Mam problem ze stroną startową. Oczywiście obout blank. Przeskanowałem juź spykillerem, Cwshredder'em i innymi i nie pomaga. Hijakiem boję się ununąć czegoś czego nie jestem pewny, dlatego wysyłam loga. Jeśli ktoś wie jak pomóc to proszę o pomoc.
Logfile of HijackThis v1.98.0
Scan saved at 13:22:47, on 2004–07–20
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
E:Programy rojanyavastALWILS~1Avast4ashDisp.exe
E:Programy rojanyavastALWILS~1Avast4ashmaisv.exe
C:Program FilesGadu–Gadugg.exe
C:WINDOWSSystem32RUNDLL32.EXE
C:Program FilesSpyKillerspykiller.exe
C:WINDOWSSystem32 undll32.exe
e:Programy rojanyavastAlwil SoftwareAvast4aswUpdSv.exe
e:Programy rojanyavastAlwil SoftwareAvast4ashServ.exe
C:WINDOWSSystem32DRIVERSCDANTSRV.EXE
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSSystem32 cpsvcs.exe
C:WINDOWSSystem32Tablet.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesSpyware StormerSpywareStormer.exe
C:Documents and Settingsdariusz lasotaPulpitHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://best–search.cc/search.php?v=6&aff=4216780
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = http://t.rack.cc/hp.php
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *hot–searches.com*;*lender–search.com*
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
R3 – URLSearchHook: (no name) – {0FA33B6C–71BC–69D3–DB7A–472A4D6F3452} – (no file)
O1 – Hosts file is located at: C:WINDOWS sdbhosts
O1 – Hosts: 81.211.105.69 lender–search.com
O1 – Hosts: 81.211.105.68 hot–searches.com
O2 – BHO: DAPHelper Class – {0000CC75–ACF3–4cac–A0A9–DD3868E06852} – C:Program FilesDAPDAPBHO.dll (file missing)
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O4 – HKLM..Run: [SystemTray] SysTray.Exe
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..Run: [avast!] e:Programy rojanyavastALWILS~1Avast4ashDisp.exe
O4 – HKLM..Run: [ashMaiSv] e:Programy rojanyavastALWILS~1Avast4ashmaisv.exe
O4 – HKLM..Run: [Spyware Stormer] C:Program FilesSpyware StormerSpywareStormer.Exe
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NVMCTRAY.DLL,NvTaskbarInit
O4 – HKCU..Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 – HKCU..Run: [SpyKiller] C:Program FilesSpyKillerspykiller.exe /startup
O4 – Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O8 – Extra context menu item: &Download with &DAP – C:PROGRA~1DAPdapextie.htm
O8 – Extra context menu item: Download &all with DAP – C:PROGRA~1DAPdapextie2.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 – Extra button: Run DAP – {669695BC–A811–4A9D–8CDF–BA8C795F261C} – C:PROGRA~1DAPDAP.EXE
O9 – Extra button: (no name) – {CD67F990–D8E9–11d2–98FE–00C0F0318AFE} – (no file)
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengerMSMSGS.EXE
O9 – Extra 'Tools' menuitem: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengerMSMSGS.EXE
O16 – DPF: BPHOnl – https://e–bank.bphpbk.pl/bph/portal/starts.nsf/econline/$File/BPHOnl.cab
O16 – DPF: {00B71CFB–6864–4346–A978–C0A14556272C} (Checkers Class) – http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 – DPF: {11260943–421B–11D0–8EAC–0000C07D88CF} (iPIX ActiveX Control) – http://www.ipix.com/viewers/ipixx.cab
O16 – DPF: {11311111–1111–1111–1111–111111111157} – file://C:RecycledQ330994.exe
O16 – DPF: {11311111–1111–1111–1111–11111121115F} – file://C:RecycledQ381010.exe
O16 – DPF: {205FF73B–CA67–11D5–99DD–444553540000} (CInstall Class) – http://www.spywarestormer.com/files2/Install.cab
O16 – DPF: {2BC66F54–93A8–11D3–BEB6–00105AA9B6AE} (Symantec AntiVirus scanner) – http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 – DPF: {37A49D66–2735–4BB9–8503–82BA5E2333D0} (MailCfg Control) – http://poczta.wp.pl/autoryzacja/mailcfg.ocx
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {8E0D4DE5–3180–4024–A327–4DFAD1796A8D} (MessengerStatsClient Class) – http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 – DPF: {92ECE6FA–AC2E–4042–BFAE–0C8608E52A43} (SignActivX Control) – https://www.bph.pl/pi/components/SignActivX.cab
O16 – DPF: {D719897A–B07A–4C0C–AEA9–9B663A28DFCB} (iTunesDetector Class) – http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O16 – DPF: {F6BF0D00–0B2A–4A75–BF7B–F385591623AF} (Solitaire Showdown Class) – http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 – Protocol: start – {3050F406–98B5–11CF–BB82–00AA00BDCE0B} – C:WINDOWSSystem32LORUX[^a.dll
O18 – Protocol: wpmsg – {2E0AC5A0–3597–11D6–B3ED–0001021DC1C3} – C:Program FilesWirtualna PolskaKontakturl_wpmsg.dll
O18 – Filter: text/html – {63B95211–7D77–11D2–9F80–00104B107C96} – C:WINDOWSSystem32LORUX[^a.dll
O18 – Filter: text/plain – {63B95211–7D77–11D2–9F80–00104B107C96} – C:WINDOWSSystem32LORUX[^a.dll
O19 – User stylesheet: C:WINDOWSWeboslogo.bmp (file missing)
Logfile of HijackThis v1.98.0
Scan saved at 13:22:47, on 2004–07–20
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
E:Programy rojanyavastALWILS~1Avast4ashDisp.exe
E:Programy rojanyavastALWILS~1Avast4ashmaisv.exe
C:Program FilesGadu–Gadugg.exe
C:WINDOWSSystem32RUNDLL32.EXE
C:Program FilesSpyKillerspykiller.exe
C:WINDOWSSystem32 undll32.exe
e:Programy rojanyavastAlwil SoftwareAvast4aswUpdSv.exe
e:Programy rojanyavastAlwil SoftwareAvast4ashServ.exe
C:WINDOWSSystem32DRIVERSCDANTSRV.EXE
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSSystem32 cpsvcs.exe
C:WINDOWSSystem32Tablet.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesSpyware StormerSpywareStormer.exe
C:Documents and Settingsdariusz lasotaPulpitHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://best–search.cc/search.php?v=6&aff=4216780
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = http://t.rack.cc/hp.php
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *hot–searches.com*;*lender–search.com*
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
R3 – URLSearchHook: (no name) – {0FA33B6C–71BC–69D3–DB7A–472A4D6F3452} – (no file)
O1 – Hosts file is located at: C:WINDOWS sdbhosts
O1 – Hosts: 81.211.105.69 lender–search.com
O1 – Hosts: 81.211.105.68 hot–searches.com
O2 – BHO: DAPHelper Class – {0000CC75–ACF3–4cac–A0A9–DD3868E06852} – C:Program FilesDAPDAPBHO.dll (file missing)
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O4 – HKLM..Run: [SystemTray] SysTray.Exe
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..Run: [avast!] e:Programy rojanyavastALWILS~1Avast4ashDisp.exe
O4 – HKLM..Run: [ashMaiSv] e:Programy rojanyavastALWILS~1Avast4ashmaisv.exe
O4 – HKLM..Run: [Spyware Stormer] C:Program FilesSpyware StormerSpywareStormer.Exe
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NVMCTRAY.DLL,NvTaskbarInit
O4 – HKCU..Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 – HKCU..Run: [SpyKiller] C:Program FilesSpyKillerspykiller.exe /startup
O4 – Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O8 – Extra context menu item: &Download with &DAP – C:PROGRA~1DAPdapextie.htm
O8 – Extra context menu item: Download &all with DAP – C:PROGRA~1DAPdapextie2.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 – Extra button: Run DAP – {669695BC–A811–4A9D–8CDF–BA8C795F261C} – C:PROGRA~1DAPDAP.EXE
O9 – Extra button: (no name) – {CD67F990–D8E9–11d2–98FE–00C0F0318AFE} – (no file)
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengerMSMSGS.EXE
O9 – Extra 'Tools' menuitem: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengerMSMSGS.EXE
O16 – DPF: BPHOnl – https://e–bank.bphpbk.pl/bph/portal/starts.nsf/econline/$File/BPHOnl.cab
O16 – DPF: {00B71CFB–6864–4346–A978–C0A14556272C} (Checkers Class) – http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 – DPF: {11260943–421B–11D0–8EAC–0000C07D88CF} (iPIX ActiveX Control) – http://www.ipix.com/viewers/ipixx.cab
O16 – DPF: {11311111–1111–1111–1111–111111111157} – file://C:RecycledQ330994.exe
O16 – DPF: {11311111–1111–1111–1111–11111121115F} – file://C:RecycledQ381010.exe
O16 – DPF: {205FF73B–CA67–11D5–99DD–444553540000} (CInstall Class) – http://www.spywarestormer.com/files2/Install.cab
O16 – DPF: {2BC66F54–93A8–11D3–BEB6–00105AA9B6AE} (Symantec AntiVirus scanner) – http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 – DPF: {37A49D66–2735–4BB9–8503–82BA5E2333D0} (MailCfg Control) – http://poczta.wp.pl/autoryzacja/mailcfg.ocx
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {8E0D4DE5–3180–4024–A327–4DFAD1796A8D} (MessengerStatsClient Class) – http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 – DPF: {92ECE6FA–AC2E–4042–BFAE–0C8608E52A43} (SignActivX Control) – https://www.bph.pl/pi/components/SignActivX.cab
O16 – DPF: {D719897A–B07A–4C0C–AEA9–9B663A28DFCB} (iTunesDetector Class) – http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O16 – DPF: {F6BF0D00–0B2A–4A75–BF7B–F385591623AF} (Solitaire Showdown Class) – http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 – Protocol: start – {3050F406–98B5–11CF–BB82–00AA00BDCE0B} – C:WINDOWSSystem32LORUX[^a.dll
O18 – Protocol: wpmsg – {2E0AC5A0–3597–11D6–B3ED–0001021DC1C3} – C:Program FilesWirtualna PolskaKontakturl_wpmsg.dll
O18 – Filter: text/html – {63B95211–7D77–11D2–9F80–00104B107C96} – C:WINDOWSSystem32LORUX[^a.dll
O18 – Filter: text/plain – {63B95211–7D77–11D2–9F80–00104B107C96} – C:WINDOWSSystem32LORUX[^a.dll
O19 – User stylesheet: C:WINDOWSWeboslogo.bmp (file missing)
Odpowiedzi: 1
Usun
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://best–search.cc/search.php?v=6&aff=4216780
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = http://t.rack.cc/hp.php
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *hot–searches.com*;*lender–search.com*
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
R3 – URLSearchHook: (no name) – {0FA33B6C–71BC–69D3–DB7A–472A4D6F3452} – (no file)
O1 – Hosts file is located at: C:WINDOWS sdbhosts
O1 – Hosts: 81.211.105.69 lender–search.com
O1 – Hosts: 81.211.105.68 hot–searches.com
O2 – BHO: DAPHelper Class – {0000CC75–ACF3–4cac–A0A9–DD3868E06852} – C:Program FilesDAPDAPBHO.dll (file missing)
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 – Extra button: (no name) – {CD67F990–D8E9–11d2–98FE–00C0F0318AFE} – (no file)
O18 – Protocol: start – {3050F406–98B5–11CF–BB82–00AA00BDCE0B} – C:WINDOWSSystem32LORUX[^a.dll
O18 – Filter: text/html – {63B95211–7D77–11D2–9F80–00104B107C96} – C:WINDOWSSystem32LORUX[^a.dll
O18 – Filter: text/plain – {63B95211–7D77–11D2–9F80–00104B107C96} – C:WINDOWSSystem32LORUX[^a.dll
O19 – User stylesheet: C:WINDOWSWeboslogo.bmp (file missing)
Strona 1 / 1