log do sprawdzenia
zwracałam sie juz z tym problemem, robiłam co radziliscie, ale wirusy wracaja. otwieram przegladarke i na wstepie Avast informuje mnie o tym ze jakis tam plik został zarazony wirusem win32:startpage–006. usuwam co sie da, czyszcze antyszpiegami itp. ale to wraca. czy powinnam zainstalowac dodatkowego firewalla (obecnie działa mi tylko zapora systemowa – winxp sp2)
ponizej log z hjt
Logfile of HijackThis v1.97.7
Scan saved at 19:27:25, on 2004–12–13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:WINDOWSSystem32smss.exe
G:WINDOWSsystem32winlogon.exe
G:WINDOWSsystem32services.exe
G:WINDOWSsystem32lsass.exe
G:WINDOWSSystem32Ati2evxx.exe
G:WINDOWSsystem32svchost.exe
G:WINDOWSSystem32svchost.exe
G:WINDOWSsystem32Ati2evxx.exe
G:WINDOWSExplorer.EXE
G:WINDOWSsystem32spoolsv.exe
G:Program FilesAvast AntivirusaswUpdSv.exe
G:Program FilesAvast AntivirusashServ.exe
G:WINDOWSSystem32inetsrvinetinfo.exe
G:PROGRA~1AVASTA~1ashDisp.exe
G:Program FilesAvast AntivirusashMaiSv.exe
G:Program FilesMarBitALLPlayerALLPlayer.exe
G:Program FilesInternet ExplorerIEXPLORE.EXE
G:Program FilesGadu–Gadugg.exe
G:Program FilesHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:NavigationFailure
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:NavigationFailure
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:NavigationFailure
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:NavigationFailure
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:NavigationFailure
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:NavigationFailure
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – G:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – G:PROGRA~1SPYBOT~1SDHelper.dll
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – G:Program FilesFlashGetjccatch.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – G:PROGRA~1FlashGetfgiebar.dll
O3 – Toolbar: IE Toolbar – {C44158E1–6121–2432–ABE6–FD53D6534CCB} – G:Program FilesMSN Assistantmsr.dll
O4 – HKLM..Run: [avast!] G:PROGRA~1AVASTA~1ashDisp.exe
O4 – HKCU..Run: [Gadu–Gadu] "G:Program FilesGadu–Gadugg.exe" /tray
O8 – Extra context menu item: Download All by FlashGet – G:Program FilesFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – G:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://G:OFFICEOffice10EXCEL.EXE/3000
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 – DPF: {9F1C11AA–197B–4942–BA54–47A8489BB47F} – http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38212.3159490741
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 – HKLMSystemCCSServicesTcpip..{9DD2A254–F1D8–4A67–9192–9318E98DE0D3}: NameServer = 217.30.137.200 217.30.129.149
ponizej log z hjt
Logfile of HijackThis v1.97.7
Scan saved at 19:27:25, on 2004–12–13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:WINDOWSSystem32smss.exe
G:WINDOWSsystem32winlogon.exe
G:WINDOWSsystem32services.exe
G:WINDOWSsystem32lsass.exe
G:WINDOWSSystem32Ati2evxx.exe
G:WINDOWSsystem32svchost.exe
G:WINDOWSSystem32svchost.exe
G:WINDOWSsystem32Ati2evxx.exe
G:WINDOWSExplorer.EXE
G:WINDOWSsystem32spoolsv.exe
G:Program FilesAvast AntivirusaswUpdSv.exe
G:Program FilesAvast AntivirusashServ.exe
G:WINDOWSSystem32inetsrvinetinfo.exe
G:PROGRA~1AVASTA~1ashDisp.exe
G:Program FilesAvast AntivirusashMaiSv.exe
G:Program FilesMarBitALLPlayerALLPlayer.exe
G:Program FilesInternet ExplorerIEXPLORE.EXE
G:Program FilesGadu–Gadugg.exe
G:Program FilesHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:NavigationFailure
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:NavigationFailure
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:NavigationFailure
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:NavigationFailure
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:NavigationFailure
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:NavigationFailure
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – G:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – G:PROGRA~1SPYBOT~1SDHelper.dll
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – G:Program FilesFlashGetjccatch.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – G:PROGRA~1FlashGetfgiebar.dll
O3 – Toolbar: IE Toolbar – {C44158E1–6121–2432–ABE6–FD53D6534CCB} – G:Program FilesMSN Assistantmsr.dll
O4 – HKLM..Run: [avast!] G:PROGRA~1AVASTA~1ashDisp.exe
O4 – HKCU..Run: [Gadu–Gadu] "G:Program FilesGadu–Gadugg.exe" /tray
O8 – Extra context menu item: Download All by FlashGet – G:Program FilesFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – G:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://G:OFFICEOffice10EXCEL.EXE/3000
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 – DPF: {9F1C11AA–197B–4942–BA54–47A8489BB47F} – http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38212.3159490741
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 – HKLMSystemCCSServicesTcpip..{9DD2A254–F1D8–4A67–9192–9318E98DE0D3}: NameServer = 217.30.137.200 217.30.129.149
Odpowiedzi: 1
Wylacz przywracanie
FIX:
How to remove >> fałszywy about:blank
>> to mi wyglada podejrzanie
FIX:
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:NavigationFailure
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:NavigationFailure
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:NavigationFailure
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:NavigationFailure
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:NavigationFailure
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:NavigationFailure
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
How to remove >> fałszywy about:blank
G:Program FilesMSN Assistantmsr.dll
O3 – Toolbar: IE Toolbar – {C44158E1–6121–2432–ABE6–FD53D6534CCB} – G:Program FilesMSN Assistantmsr.dll
>> to mi wyglada podejrzanie
Strona 1 / 1