need help
I'm at the end of my rope, this shit is so annoying ---> I mean the start page, of course
I tried Ad-Aware, Spybot and Shredder; I'm sending you the HijackThis log ........ HELP ME
Logfile of HijackThis v1.97.7
Scan saved at 19:04:21, on 2004-05-25
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\docume~1\micha~1\daneap~1 skmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michał\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cashsearch.biz/redir1.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cashsearch.biz/redir1.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cashsearch.biz/redir1.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cashsearch.biz/redir1.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://google.pl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://google.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://cashsearch.biz/redir1.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://cashsearch.biz/redir1.php
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\IEXPLORE.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [drayfl2l02] C:\Program Files\Symantec\8clsua677e.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [System Update4] c:\docume~1\micha~1\daneap~1 skmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_4_EN_XP.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38110.3904398148
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN_XP.cab
Replies: 6
Show what you have in the registry under the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,
in msconfig and in the process list.
hmm ... with mks_vir
What did you scan with and remove?
hmmm, today I went over the files with the antivirus once more and it finds this crap, Trojan.Downloader.Jksear, in C:\WINDOWS\system32\drivers\etc\hosts ... even though I delete it, after a restart it is back in its place
nothing helps, and I have the newest Shredder ... I think (1.57)
what do I do now :cry:
Definitely remove:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cashsearch.biz/redir1.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cashsearch.biz/redir1.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cashsearch.biz/redir1.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cashsearch.biz/redir1.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://cashsearch.biz/redir1.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://cashsearch.biz/redir1.php
O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_4_EN_XP.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN_XP.cab
I'm not sure about this one, but if something goes wrong you can simply restore it:
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
as well as this one:
O4 - HKLM\..\Run: [drayfl2l02] C:\Program Files\Symantec\8clsua677e.exe
although I think this file in the Symantec folder is certainly not of their making. As above, remove it as a trial.
Besides that, completely clean out the Temp folders and the IE temporary files after unchecking "hide files blah blah".
And one more thing: the newest version of CWShredder would probably handle it.